Cross-Site Request Forgery (CSRF) is an attack that forces Web application users to execute unwanted actions on a Web application in which they are
authenticated. With a little social engineering, such as sending a link via e-mail or chat, an attacker
may force the users to execute actions of the attacker's choosing.
A successful CSRF exploit can compromise user data and operations.
If the targeted user is a Web administrator, the attack can compromise the entire Web application.
This is a flaw under the category A5 in the OWASP Top Ten.