Description
Your web application's GraphQL implementation accepts non-JSON queries over GET requests, increasing the risk of Cross-Site Request Forgery (CSRF) attacks. While JSON-based POST requests are generally considered resistant to CSRF, non-JSON GET requests are more susceptible to this type of attacks.
Remediation
Restrict GraphQL queries to JSON-based POST requests to limit the CSRF attack surface.
References
Related Vulnerabilities
WordPress Plugin WordPress WP-Advanced-Search Cross-Site Request Forgery (3.3.8)
WordPress Plugin Per page add to head Cross-Site Request Forgery (1.4.3)
WordPress Plugin WP CleanFix Cross-Site Request Forgery (2.4.4)
WordPress Plugin twimp-wp-twitter multi publisher Cross-Site Request Forgery (0.1)