diff --git a/classes/ajax.php b/classes/ajax.php
index f4d18ba168..ebff89d094 100755
--- a/classes/ajax.php
+++ b/classes/ajax.php
@@ -560,6 +560,8 @@ public function crop_store_banner() {
  wp_send_json_error();
  }
 
+ check_ajax_referer( 'image_editor-' . $_POST['id'], 'nonce' );
+
  $crop_details = $_POST['cropDetails'];
 
  $dimensions = $this->get_header_dimensions( array(
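Review bot: The added `check_ajax_referer()` call builds its action string from `$_POST['id']` without checking that the key is present or numeric, so a request with no `id` raises an undefined-index notice and is verified against the bare action `image_editor-`. Normalise the value once before the check and reuse it for the rest of the handler, e.g. `$attachment_id = isset( $_POST['id'] ) ? absint( $_POST['id'] ) : 0;` followed by `check_ajax_referer( 'image_editor-' . $attachment_id, 'nonce' );`. The nonce only binds the request to that attachment if the code below crops the same id, and crop_store_banner() starts and ends outside the hunk, so that is worth confirming. `$_POST['cropDetails']` on the following context line is still read raw; it is presumably validated further down, but `wp_unslash()` plus integer casts on each field would make that explicit.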