Index: wp-includes/js/tinymce/plugins/wplink/js/wplink.dev.js
===================================================================
--- wp-includes/js/tinymce/plugins/wplink/js/wplink.dev.js	(revision 17246)
+++ wp-includes/js/tinymce/plugins/wplink/js/wplink.dev.js	(working copy)
@@ -433,7 +433,8 @@
 			var self = this,
 				query = {
 					action : 'wp-link-ajax',
-					page : this.page
+					page : this.page,
+					'_ajax_linking_nonce' : $('#_ajax_linking_nonce').val()
 				};
 
 			if ( this.search )
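Review bot: The added `'_ajax_linking_nonce' : $('#_ajax_linking_nonce').val()` reads a value that was rendered once with the page. If the hidden field is absent, `.val()` returns `undefined`, and jQuery drops the parameter from the request. In that case, and when the nonce has expired during a long editing session, the server-side `check_ajax_referer()` ends the request with `-1`. The response handler is outside this hunk, so it is worth confirming that it treats `-1` as an expired-session error rather than as an empty result list. A short comment here, such as `// Nonce from wp_link_dialog(); verified in admin-ajax.php (wp-link-ajax).`, would tie the three files together.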
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php	(revision 17246)
+++ wp-admin/admin-ajax.php	(working copy)
@@ -57,10 +57,14 @@
 	$current_screen->is_network = 'false' === $current_screen->is_network ? false : true;
 	$current_screen->is_user = 'false' === $current_screen->is_user ? false : true;
 
+	$list_class = $_GET['list_args']['class'];
+
+	check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );
+
 	define( 'WP_NETWORK_ADMIN', $current_screen->is_network );
 	define( 'WP_USER_ADMIN', $current_screen->is_user );
 
-	$wp_list_table = get_list_table( $_GET['list_args']['class'] );
+	$wp_list_table = get_list_table( $list_class );
 	if ( ! $wp_list_table )
 		die( '0' );
 
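Review bot: `$list_class` on the first added line is taken from `$_GET['list_args']['class']` with no `isset()` or type check before it is interpolated into the nonce action. A missing or array-valued parameter raises a PHP notice and produces an action such as `fetch-list-Array`. The check still fails closed, but the input should be normalised first, for example `$list_class = isset( $_GET['list_args']['class'] ) && is_string( $_GET['list_args']['class'] ) ? $_GET['list_args']['class'] : '';`. The nonce only addresses request forgery. Whether a capability check follows `get_list_table()` cannot be seen here, because the handler continues outside the hunk.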
@@ -1089,6 +1093,8 @@
 case 'wp-link-ajax':
 	require_once ABSPATH . 'wp-admin/includes/internal-linking.php';
 
+	check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );
+
 	$args = array();
 
 	if ( isset( $_POST['search'] ) )
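Review bot: The added `check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );` runs after the `require_once`, so the include is loaded even for requests that are about to be rejected. Moving the check to the first line of the case makes the guard cheaper and easier to audit. The action and field name are literals repeated in internal-linking.php and wplink.dev.js; a comment such as `// Nonce emitted by wp_link_dialog(), sent by wplink.dev.js.` would help keep them in sync. A nonce confirms where the request came from, not what the user may do. The case body continues outside the hunk, so it is not visible whether a `current_user_can()` check precedes the search.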
Index: wp-admin/includes/internal-linking.php
===================================================================
--- wp-admin/includes/internal-linking.php	(revision 17246)
+++ wp-admin/includes/internal-linking.php	(working copy)
@@ -71,6 +71,7 @@
 function wp_link_dialog() {
 ?>
 <form id="wp-link" tabindex="-1">
+<?php wp_nonce_field( 'internal-linking', '_ajax_linking_nonce', false ); ?>
 <div id="link-selector">
 	<div id="link-options">
 		<p class="howto"><?php _e( 'Enter the destination URL' ); ?></p>
Index: wp-admin/includes/class-wp-list-table.php
===================================================================
--- wp-admin/includes/class-wp-list-table.php	(revision 17246)
+++ wp-admin/includes/class-wp-list-table.php	(working copy)
@@ -685,6 +685,8 @@
 	function display() {
 		extract( $this->_args );
 
+		wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce' );
+
 		$this->display_tablenav( 'top' );
 
 ?>
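Review bot: The added `wp_nonce_field()` call in `display()` leaves the third argument at its default, so it also prints a `_wp_http_referer` hidden field, unlike the `wp_link_dialog()` call in this patch, which passes `false`. If the table is rendered inside a GET form (not visible from this hunk), both fields would be submitted into the URL on every filter or search. Passing `false` avoids that: `wp_nonce_field( "fetch-list-" . get_class( $this ), '_ajax_fetch_list_nonce', false );`. The field's `id` is fixed, so a page that calls `display()` for two tables would emit duplicate IDs carrying nonces for different classes. `display()` continues past the end of the hunk.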
Index: wp-admin/js/list-table.dev.js
===================================================================
--- wp-admin/js/list-table.dev.js	(revision 17246)
+++ wp-admin/js/list-table.dev.js	(working copy)
@@ -86,7 +86,8 @@
 	fetch_list: function(data, success_callback, error_callback) {
 		data = $.extend(data, {
 			'action': 'fetch-list',
-			'list_args': list_args
+			'list_args': list_args,
+			'_ajax_fetch_list_nonce': $('#_ajax_fetch_list_nonce').val()
 		});
 
 		$.ajax({
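Review bot: The added `$('#_ajax_fetch_list_nonce').val()` selects by a fixed ID, so on a page with more than one list table it returns the first field's nonce. That nonce is bound to a single class name on the server, so a fetch for another table would be rejected with `-1`. Scoping the lookup to the table's own container, or carrying the nonce alongside `list_args`, would remove that coupling. The server reads `list_args` from `$_GET`, so this request appears to be a GET and the nonce would travel in the query string, where it can end up in access logs. The `$.ajax` options are outside the hunk, so confirm the method there.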
