CSRF that makes any user send invitations to the attacker by simply clicking on a link.