CSRF access checking

Cross-Site Request Forgery (CSRF) occurs when a privileged user is tricked into making a request by following a link from an unrelated web site (or some other source, such as email). Any request that performs an action, such as creating, updating, or deleting content, needs protection from CSRF. Such requests can be protected by requiring the privileged user to submit a confirmation form or by requiring a token based on the user's session. Only the current site can provide a valid token.
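One way to implement the session-based token check described above, as an added example that is not code from the original page. The names `SITE_KEY`, `new_session_seed`, `csrf_token`, `check_csrf` and the route paths are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed site-wide secret; a real site would load a persistent private key.
SITE_KEY = secrets.token_bytes(32)


def new_session_seed() -> str:
    """Random per-session value kept server-side in the user's session."""
    return secrets.token_urlsafe(32)


def csrf_token(session_seed: str, action: str, key: bytes = SITE_KEY) -> str:
    """Derive a token bound to one session and one action (here, a route path)."""
    # Length prefix keeps (seed, action) pairs from colliding after joining.
    msg = f"{len(session_seed)}:{session_seed}:{action}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def check_csrf(session_seed: str, action: str, submitted, key: bytes = SITE_KEY) -> bool:
    """Return True only if the submitted token matches this session and action."""
    if not isinstance(submitted, str) or not submitted:
        return False  # a request arriving without a token is rejected
    expected = csrf_token(session_seed, action, key)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted.encode("utf-8", "replace"))


def demo() -> dict:
    """Run the check against constructed sessions and routes."""
    user = new_session_seed()       # the privileged user's session
    other = new_session_seed()      # an unrelated session
    action = "/content/1/delete"    # constructed route path
    good = csrf_token(user, action)
    return {
        "valid": check_csrf(user, action, good),
        "missing": check_csrf(user, action, None),
        "other_session": check_csrf(user, action, csrf_token(other, action)),
        "other_action": check_csrf(user, "/content/2/delete", good),
        "wrong_key": check_csrf(user, action, csrf_token(user, action, key=b"x" * 32)),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the first case is accepted: a token is valid only when it was derived with the site's key for the same session and the same action.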
