diff --git a/workflow/engine/methods/userPersonalInformation/public/index.html b/workflow/engine/methods/userPersonalInformation/public/index.html
index f93bd8acc..f5eb8dfd0 100644
--- a/workflow/engine/methods/userPersonalInformation/public/index.html
+++ b/workflow/engine/methods/userPersonalInformation/public/index.html
@@ -4,6 +4,7 @@
         <meta charset="utf-8">
         <meta http-equiv="X-UA-Compatible" content="IE=edge">
         <meta name="viewport" content="width=device-width,initial-scale=1.0">
+        <meta name="csrf-token" content="csrfToken" />
         <link rel="icon" href="<%= BASE_URL %>favicon.ico">
         <title><%= htmlWebpackPlugin.options.title %></title>
         <!-- These are default values, then they are overridden when processmaker runs -->
diff --git a/workflow/engine/methods/userPersonalInformation/src/components/personalInformation.vue b/workflow/engine/methods/userPersonalInformation/src/components/personalInformation.vue
index a4c9b9ad9..2d5a15c7b 100644
--- a/workflow/engine/methods/userPersonalInformation/src/components/personalInformation.vue
+++ b/workflow/engine/methods/userPersonalInformation/src/components/personalInformation.vue
@@ -480,6 +480,7 @@
                 formData.append("USR_UID", this.form.USR_UID);
                 formData.append("USR_LOGGED_NEXT_TIME", this.form.USR_LOGGED_NEXT_TIME);
                 formData.append("USR_EXTENDED_ATTRIBUTES_DATA", JSON.stringify(extendedAttributes));
+                formData.append("_token", document.querySelector('meta[name="csrf-token"]').content);
                 axios.post(this.$root.baseUrl() + "users/usersAjax", formData)
                         .then(response => {
                             response;
diff --git a/workflow/engine/methods/users/usersEdit.php b/workflow/engine/methods/users/usersEdit.php
index 549e8eb03..b5a08f69a 100644
--- a/workflow/engine/methods/users/usersEdit.php
+++ b/workflow/engine/methods/users/usersEdit.php
@@ -15,6 +15,7 @@ if (isset($_REQUEST['userInterface']) && $_REQUEST['userInterface'] === "v2") {
     $html = file_get_contents(PATH_HTML . "lib/userPersonalInformation/index.html");
     $html = str_replace("var USR_UID='';", "var USR_UID='{$_GET['USR_UID']}';", $html);
     $html = str_replace("translation.en.js", "translation.{$lang}.js", $html);
+    $html = str_replace("csrfToken", csrfToken(), $html);
     echo $html;
     exit();
 }
diff --git a/workflow/engine/methods/users/usersNew.php b/workflow/engine/methods/users/usersNew.php
index f70b28ae8..353ef3163 100644
--- a/workflow/engine/methods/users/usersNew.php
+++ b/workflow/engine/methods/users/usersNew.php
@@ -10,6 +10,7 @@ if (isset($_REQUEST['userInterface']) && $_REQUEST['userInterface'] === "v2") {
 
     $html = file_get_contents(PATH_HOME . "public_html/lib/userPersonalInformation/index.html");
     $html = str_replace("translation.en.js", "translation.{$lang}.js", $html);
+    $html = str_replace("csrfToken", csrfToken(), $html);
     echo $html;
     exit();
 }