CSRF(cross-site request forgery) is the attack in which unwanted operations are performed on the currently authenticated user’s states like changing the password or transferring the fund, enabling/disabling any service.
In the worst scenario, it can be performed on the administrative account, in that case, it will compromise the security of the entire application.
For example, there is an endpoint to change the contact number
One of the ways to carry out the CSRF is that intruder can exploit the URL which is most likely to be clicked by the user.
<a href='http://mysite.com/change-number?new=54321'">Check your daily horoscope</a>