Cross-site request forgery in Magento 2 can be avoided by adding a form key to the Phtml code.
According to Wikipedia, cross-site request forgery results in,
"An attacker deceives an innocent end-user into sending a web request that they did not intend. This could result in actions being taken on the website, such as unintentional client or server data leaking, session state modification, or account manipulation.
When you add a form key in Magento 2, you protect your website from spammers trying to post to your forms from other websites pretending to be you!
By putting the solution into practice, Magento will be instructed to look for a layout block named "formkey," output it and store it for the duration of a user session.
For a programmatical solution, Visit : https://meetanshi.com/blog/add-form-key-in-magento-2/