Security has been greatly improved and tightened in v1.5.0 so that unauthorized scripts (ie: things running without logging in) can't damage the cart.

All admin scripts which change data must properly use form POSTs instead of GETs and must have a valid securityToken in them, which is only available to logged-in user sessions.

You will need to update your scripts accordingly.