The plugin suffers from a Denial of Service vulnerability by Field Duplication. It is possible to create an expensive query by duplicating the number of fields, while simultaneously sending these requests in batches using GraphQL’s Batching capability.
NO known fix.
Removal or replacement strongly suggested.
Details: https://wpscan.com/vulnerability/95cc88c8-18a3-4937-a6a9-8e80c6e859c5