None of the script management functionality in Scriptler requires POST access, and it is therefore vulnerable to CSRF exploits even with CSRF protection enabled in the Jenkins global security configuration.
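An added example, not part of the original report and not Scriptler's code: Jenkins checks the CSRF crumb only on POST requests, so a plugin audit can flag Stapler `do*` web methods that lack `@RequirePOST` or `@POST`. The Java sample, its class name and its method names are constructed for illustration, and the line-based matching is a heuristic.

```python
import re

# Constructed sample: a hypothetical Stapler management class, NOT Scriptler's source.
SAMPLE_JAVA = '''
public class ExampleManagement {
    public HttpResponse doDeleteItem(StaplerRequest req, StaplerResponse rsp) {
        return null;
    }

    @RequirePOST
    public HttpResponse doAddItem(StaplerRequest req, StaplerResponse rsp) {
        return null;
    }

    @POST
    public void doUpload(StaplerRequest req) {}

    @Restricted(NoExternalUse.class)
    public void doRunItem(StaplerRequest req, StaplerResponse rsp) {}

    public String getDisplayName() { return "Example"; }
}
'''

# Stapler annotations that make a web method reject non-POST requests.
POST_ONLY = {"RequirePOST", "POST"}
# Heuristic for a Stapler web method: public, name is "do" + uppercase letter.
METHOD = re.compile(r'^\s*public\s+[\w<>\[\], ?]+?\s+(do[A-Z]\w*)\s*\(')
ANNOTATION = re.compile(r'^\s*@(\w+)')

def find_unprotected_web_methods(java_source):
    """Return names of do* web methods that are not annotated as POST-only."""
    findings, pending = [], set()
    for line in java_source.splitlines():
        ann = ANNOTATION.match(line)
        if ann:
            # Collect annotations that precede the next declaration.
            pending.add(ann.group(1))
            continue
        m = METHOD.match(line)
        if m and not (pending & POST_ONLY):
            findings.append(m.group(1))
        if line.strip():
            # Any non-blank, non-annotation line ends the annotation run.
            pending.clear()
    return findings

if __name__ == "__main__":
    for name in find_unprotected_web_methods(SAMPLE_JAVA):
        print(f"reachable via GET, crumb check not applied: {name}")
```

Each flagged method is a candidate for `@RequirePOST`; read-only endpoints that happen to start with `do` need manual review.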
Dominik Bartholdi, thank you for working to close several of the issues:
Any idea when these will be released in a new version of Scriptler? I think a lot of people are excited to get a new version that clears the security concerns, including those of us who support the Active-Choices plugin, a major benefactor of the Scriptler functionality.
Best regards, Ioannis