Description
Your web application's GraphQL implementation accepts non-JSON queries over GET requests, increasing the risk of Cross-Site Request Forgery (CSRF) attacks. While JSON-based POST requests are generally considered resistant to CSRF, non-JSON GET requests are more susceptible to this type of attack.
Remediation
Restrict GraphQL queries to JSON-based POST requests to limit the CSRF attack surface.
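One way to enforce this restriction is a gate placed in front of the GraphQL handler. The following is an added example, not code from the scanner or from any specific GraphQL server; the names `checkGraphqlRequest` and `requireJsonPost` are hypothetical, and it assumes a Node.js server with Connect/Express-style middleware.

```javascript
// Added example: reject anything that is not a JSON POST before GraphQL sees it.
// Assumes header names are lower-cased, as Node's http module delivers them.

// Strip parameters such as "; charset=utf-8" and normalise case.
function mediaType(headerValue) {
  return String(headerValue || '').split(';')[0].trim().toLowerCase();
}

// Returns null when the request may proceed, otherwise the rejection to send.
function checkGraphqlRequest(method, headers) {
  if (String(method).toUpperCase() !== 'POST') {
    // Covers GET requests carrying ?query=..., the case this finding reports.
    return { status: 405, headers: { Allow: 'POST' }, error: 'GraphQL operations must use POST' };
  }
  if (mediaType(headers['content-type']) !== 'application/json') {
    // Covers form-style bodies (text/plain, urlencoded, multipart).
    return { status: 415, headers: {}, error: 'Content-Type must be application/json' };
  }
  return null;
}

// Connect/Express-style wrapper; mount it ahead of the GraphQL handler.
function requireJsonPost(req, res, next) {
  const rejection = checkGraphqlRequest(req.method, req.headers);
  if (rejection === null) return next();
  res.writeHead(rejection.status, { 'Content-Type': 'application/json', ...rejection.headers });
  res.end(JSON.stringify({ errors: [{ message: rejection.error }] }));
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  { method: 'GET', headers: {} },
  { method: 'POST', headers: { 'content-type': 'text/plain' } },
  { method: 'POST', headers: { 'content-type': 'application/x-www-form-urlencoded' } },
  { method: 'POST', headers: { 'content-type': 'application/json; charset=utf-8' } },
];

function statusesForSamples() {
  return SAMPLES.map(({ method, headers }) => {
    const rejection = checkGraphqlRequest(method, headers);
    return rejection === null ? 'pass' : rejection.status;
  });
}

console.log(statusesForSamples());
```

If browsers call the API cross-origin under a CORS policy, answer the OPTIONS preflight before this gate, since the gate returns 405 for it.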