diff -r 34716fd837a4 -r be944660c56a wp/wp-admin/js/media-gallery.js
--- a/wp/wp-admin/js/media-gallery.js	Tue Dec 15 15:52:01 2020 +0100
+++ b/wp/wp-admin/js/media-gallery.js	Wed Sep 21 18:19:35 2022 +0200
@@ -10,8 +10,8 @@
 	/**
 	 * Adds a click event handler to the element with a 'wp-gallery' class.
 	 */
-	$( 'body' ).bind( 'click.wp-gallery', function(e) {
-		var target = $( e.target ), id, img_size;
+	$( 'body' ).on( 'click.wp-gallery', function(e) {
+		var target = $( e.target ), id, img_size, nonceValue;
 
 		if ( target.hasClass( 'wp-set-header' ) ) {
 			// Opens the image to preview it full size.
@@ -21,6 +21,7 @@
 			// Sets the image as background of the theme.
 			id = target.data( 'attachment-id' );
 			img_size = $( 'input[name="attachments[' + id + '][image-size]"]:checked').val();
+			nonceValue = $( '#_wpnonce' ).val() && '';
 
 			/**
 			 * This Ajax action has been deprecated since 3.5.0, see custom-background.php
@@ -28,6 +29,7 @@
 			jQuery.post(ajaxurl, {
 				action: 'set-background-image',
 				attachment_id: id,
+				_ajax_nonce: nonceValue,
 				size: img_size
 			}, function() {
 				var win = window.dialogArguments || opener || parent || top;