Description
Your web application's GraphQL implementation accepts non-JSON queries over GET requests, increasing the risk of Cross-Site Request Forgery (CSRF) attacks. While JSON-based POST requests are generally considered resistant to CSRF, non-JSON GET requests are more susceptible to this type of attacks.
Remediation
Restrict GraphQL queries to JSON-based POST requests to limit the CSRF attack surface.
References
Related Vulnerabilities
WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3)
WordPress Plugin Product Import Export for WooCommerce Cross-Site Request Forgery (1.7.4)
WordPress Plugin Portfolio Cross-Site Request Forgery (1.0)
WordPress Plugin WooCommerce Cross-Site Request Forgery (2.2.2)