Cross-site request forgery (CSRF) vulnerabilities can be used to trick a
user’s browser into performing an unwanted action on your site.
Any function that your users can perform deliberately is something they
can be tricked into performing inadvertently using CSRF. As we saw in our
example, in the most malign cases, CSRF
attacks can spread themselves as a worm.
It is hard to estimate the prevalence of CSRF attacks; often the only
evidence is the malicious effects caused by the attack. CSRF is routinely
described as one of the top-ten security vulnerabilities by OWASP.