What is CSRF?
CSRF (Cross-Site Request Forgery) is a type of attack that tricks the victim into performing a task, in the attacker's interest, on a web application where the victim is already authenticated. An application vulnerable to CSRF enables attackers to perform any actions on the victim's behalf without the victim's knowledge.
Assume you are shopping on a website that uses in-house credits as currency. You are logged into the site and browsing for some products. Then you visit another site for a cool new wallpaper for your desktop, not knowing that it is a malicious site, and you hit the download button for the image.