diff --git a/vendor/fishpig/magento2-wordpress-integration/Controller/Post/Comment/Submit.php b/vendor/fishpig/magento2-wordpress-integration/Controller/Post/Comment/Submit.php
index 3a15e31..cca5ea0 100644
--- a/vendor/fishpig/magento2-wordpress-integration/Controller/Post/Comment/Submit.php
+++ b/vendor/fishpig/magento2-wordpress-integration/Controller/Post/Comment/Submit.php
@@ -6,8 +6,15 @@ declare(strict_types=1);
 
 namespace FishPig\WordPress\Controller\Post\Comment;
 
+use Magento\Framework\Data\Form\FormKey\Validator;
+
 class Submit extends \Magento\Framework\App\Action\Action
 {
+    /**
+     * @var Validator
+     */
+    protected Validator $formKeyValidator;
+
     /**
      * @auto
      */
@@ -23,9 +30,11 @@ class Submit extends \Magento\Framework\App\Action\Action
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
+        \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator,
         \FishPig\WordPress\Model\PostFactory $postFactory,
         \FishPig\WordPress\Model\UrlInterface $wpUrlBuilder
     ) {
+        $this->formKeyValidator = $formKeyValidator;
         $this->postFactory = $postFactory;
         $this->wpUrlBuilder = $wpUrlBuilder;
 
@@ -42,6 +51,10 @@ class Submit extends \Magento\Framework\App\Action\Action
         );
 
         try {
+            if (!$this->formKeyValidator->validate($this->getRequest())) {
+                throw new \FishPig\WordPress\App\Exception('Form key is not valid');
+            }
+
             if (($postId = (int)$this->getRequest()->getParam('post_id')) === 0) {
                 throw new \FishPig\WordPress\App\Exception('Invalid post ID.');
             }
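Review bot: The patched path sits under `vendor/`, so this form-key check (all three hunks) will be silently discarded by the next `composer install`/`update`, leaving the comment endpoint unprotected again without any test failing. Carry the change as a composer patch (for example via a patches plugin applied from the project's own repository) or submit it upstream to the fishpig module so it survives dependency refreshes. Within this hunk, the new `use Magento\Framework\Data\Form\FormKey\Validator;` import is introduced but the constructor hunk still spells out the fully-qualified class name; pick one form, e.g. `Validator $formKeyValidator,` in the signature. The `@var Validator` docblock only restates the native property type and can be dropped.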
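Review bot: The new `$formKeyValidator` parameter is inserted positionally between `$context` and `$postFactory` in a public constructor, so any subclass or preference that still calls `parent::__construct($context, $postFactory, $wpUrlBuilder)` would now pass a `PostFactory` where a `Validator` is expected and fail with a `TypeError` under `strict_types`. Magento's DI resolves constructor arguments by name, so appending the parameter after `$wpUrlBuilder` keeps existing positional callers working: `\FishPig\WordPress\Model\UrlInterface $wpUrlBuilder, Validator $formKeyValidator`. The constructor body continues past the end of this hunk, so whether `parent::__construct($context)` is still reached on every path is not visible here.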
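Review bot: The form-key check guards against cross-site submission, but it does not constrain the HTTP method, so the action still accepts a GET carrying `form_key` and `post_id`; declaring `class Submit extends \Magento\Framework\App\Action\Action implements \Magento\Framework\App\Action\HttpPostActionInterface` restricts it to POST and, on Magento 2.3 and later, also engages the framework's request-level CSRF validation, making the in-controller check a defence in depth rather than the only barrier. The new message `'Form key is not valid'` lacks the trailing period used by the sibling `'Invalid post ID.'`; `'Invalid form key.'` would match. The enclosing method and its `catch` block lie outside the hunk, so how the thrown `\FishPig\WordPress\App\Exception` is surfaced to the user (message plus redirect, presumably) cannot be confirmed from here.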