diff --git a/front/config.form.php b/front/config.form.php
index 9645c2b..3ea7941 100644
--- a/front/config.form.php
+++ b/front/config.form.php
@@ -32,6 +32,8 @@
 
 include('../../../inc/includes.php');
 
+Session::checkLoginUser();
+
 // No autoload when plugin is not activated
 require_once('../inc/config.class.php');
 
diff --git a/front/export.massive.php b/front/export.massive.php
index ee15b60..0fab385 100644
--- a/front/export.massive.php
+++ b/front/export.massive.php
@@ -32,6 +32,8 @@
 
 include('../../../inc/includes.php');
 
+Session::checkRight('plugin_pdf', READ);
+
 Plugin::load('pdf', true);
 
 $type = $_SESSION['plugin_pdf']['type'];
diff --git a/front/export.php b/front/export.php
index 327e23b..d3df80e 100644
--- a/front/export.php
+++ b/front/export.php
@@ -35,6 +35,8 @@
 
 include('../../../inc/includes.php');
 
+Session::checkRight('plugin_pdf', READ);
+
 /* 0.85 Hack to allow multiple exports, yes this is an hack, yes an awful one */
 if (!isset($_SESSION['glpicsrftokens'][$token])) {
     $_SESSION['glpicsrftokens'][$token] = time() + GLPI_CSRF_EXPIRES;
diff --git a/front/preference.form.php b/front/preference.form.php
index 46e4ccc..657af87 100644
--- a/front/preference.form.php
+++ b/front/preference.form.php
@@ -32,6 +32,8 @@
 
 include_once('../../../inc/includes.php');
 
+Session::checkLoginUser();
+
 /** @var \DBmysql $DB */
 global $DB;