The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.