diff --git a/includes/admin/class-wc-admin-importers.php b/includes/admin/class-wc-admin-importers.php
index 26155622d32..65c477e546d 100644
--- a/includes/admin/class-wc-admin-importers.php
+++ b/includes/admin/class-wc-admin-importers.php
@@ -278,7 +278,7 @@ class WC_Admin_Importers {
 array(
 'position' => 'done',
 'percentage' => 100,
- 'url' => add_query_arg( array( 'nonce' => wp_create_nonce( 'product-csv' ) ), admin_url( 'edit.php?post_type=product&page=product_importer&step=done' ) ),
+ 'url' => add_query_arg( array( '_wpnonce' => wp_create_nonce( 'woocommerce-csv-importer' ) ), admin_url( 'edit.php?post_type=product&page=product_importer&step=done' ) ),
 'imported' => count( $results['imported'] ),
 'failed' => count( $results['failed'] ),
 'updated' => count( $results['updated'] ),
diff --git a/includes/admin/importers/class-wc-product-csv-importer-controller.php b/includes/admin/importers/class-wc-product-csv-importer-controller.php
index 41e23744806..e18332600ee 100644
--- a/includes/admin/importers/class-wc-product-csv-importer-controller.php
+++ b/includes/admin/importers/class-wc-product-csv-importer-controller.php
@@ -366,6 +366,7 @@ class WC_Product_CSV_Importer_Controller {
 * Mapping step.
 */
 protected function mapping_form() {
+ check_admin_referer( 'woocommerce-csv-importer' );
 $args = array(
 'lines' => 1,
 'delimiter' => $this->delimiter,
@@ -399,6 +400,10 @@ class WC_Product_CSV_Importer_Controller {
 * Import the file if it exists and is valid.
 */
 public function import() {
+ // Displaying this page triggers Ajax action to run the import with a valid nonce,
+ // therefore this page needs to be nonce protected as well.
+ check_admin_referer( 'woocommerce-csv-importer' );
+
 if ( ! self::is_file_valid_csv( $this->file ) ) {
 $this->add_error( __( 'Invalid file type. The importer supports CSV and TXT file formats.', 'woocommerce' ) );
 $this->output_errors();
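Review bot: The query key and action in the rebuilt `step=done` URL on the `+ 'url'` line are now coupled to what `WC_Product_CSV_Importer_Controller::done()` verifies via `check_admin_referer( 'woocommerce-csv-importer' )`, and nothing at this line records that; a comment such as `// Key (_wpnonce) and action must match check_admin_referer() in WC_Product_CSV_Importer_Controller::done().` would keep the next rename from silently breaking the final step. The change from `nonce` to `_wpnonce` is itself required, since check_admin_referer() reads `_wpnonce` by default. If any other code still reads the old `nonce`/`product-csv` pair it is not visible in this diff and would need the same update. The enclosing method starts and ends outside the hunk.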
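Review bot: The `check_admin_referer( 'woocommerce-csv-importer' )` added at the top of mapping_form() only works if the request that reaches the mapping step carries `_wpnonce` for that action, and this diff does not show the upload form or `get_next_step_link()` supplying it; the same holds for the check added in import() (the -399 hunk) and in done() (the -447 hunk). Each step's link or form should be confirmed to include `wp_nonce_url()`/`wp_nonce_field()` for this action, because otherwise check_admin_referer() ends the request with wp_nonce_ays() and every import stops at the first step. The call would also benefit from a why-comment like the one written for import(), e.g. `// Nonce-protect this step as import() and done() are; the link to it must carry _wpnonce for this action.` The body of mapping_form() continues outside the hunk.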
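Review bot: The two-line comment above `check_admin_referer()` in import() reads awkwardly ("triggers Ajax action", "nonce protected") and does not say which verifier used to cover this path; I would write it as `// Displaying this page triggers the Ajax action that runs the import with a valid nonce,` / `// so the page itself must be nonce-protected as well (previously only do_ajax_product_import() was).` Placing the check before `is_file_valid_csv()` is the right order, since the `$_POST['map_from']`/`$_POST['map_to']` reads later in this method (the -411 hunk) now rely on it after the phpcs exemption is dropped. The rest of import() lies outside the hunk.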
@@ -411,7 +416,6 @@ class WC_Product_CSV_Importer_Controller {
 return;
 }
- // phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification -- Nonce already verified in WC_Admin_Importers::do_ajax_product_import()
 if ( ! empty( $_POST['map_from'] ) && ! empty( $_POST['map_to'] ) ) {
 $mapping_from = wc_clean( wp_unslash( $_POST['map_from'] ) );
 $mapping_to = wc_clean( wp_unslash( $_POST['map_to'] ) );
@@ -422,7 +426,6 @@ class WC_Product_CSV_Importer_Controller {
 wp_redirect( esc_url_raw( $this->get_next_step_link( 'upload' ) ) );
 exit;
 }
- // phpcs:enable
 wp_localize_script(
 'wc-product-import',
@@ -447,13 +450,12 @@ class WC_Product_CSV_Importer_Controller {
 * Done step.
 */
 protected function done() {
- // phpcs:disable WordPress.Security.NonceVerification.NoNonceVerification
+ check_admin_referer( 'woocommerce-csv-importer' );
 $imported = isset( $_GET['products-imported'] ) ? absint( $_GET['products-imported'] ) : 0;
 $updated = isset( $_GET['products-updated'] ) ? absint( $_GET['products-updated'] ) : 0;
 $failed = isset( $_GET['products-failed'] ) ? absint( $_GET['products-failed'] ) : 0;
 $skipped = isset( $_GET['products-skipped'] ) ? absint( $_GET['products-skipped'] ) : 0;
 $errors = array_filter( (array) get_user_option( 'product_import_error_log' ) );
- // phpcs:enable
 include_once dirname( __FILE__ ) . '/views/html-csv-import-done.php';
 }
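Review bot: The `check_admin_referer( 'woocommerce-csv-importer' )` that replaces the phpcs exemption in done() depends on the nonce being carried in the `step=done` URL, which is minted in WC_Admin_Importers (the -278 hunk) rather than anywhere in this file, and that origin is not recorded here; a comment such as `// _wpnonce is supplied by the step=done URL returned from WC_Admin_Importers::do_ajax_product_import().` would make the dependency visible. The `absint()` on each `$_GET['products-*']` value is enough for the counts, but whether `$errors` from `get_user_option( 'product_import_error_log' )` is escaped on output is decided in html-csv-import-done.php, which this diff does not show. done() is complete within the hunk.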