Jenkins / JENKINS-71275

doClearCache method can be improved with a POST or RequirePOST annotation.


      The Jenkins security team doesn't consider the lack of CSRF protection in this method to be a security vulnerability given the impact. This is because the cleanup process happens periodically anyway.

      However, adding a POST or RequirePOST annotation could still improve your plugin and should therefore be considered.

      More information at https://www.jenkins.io/doc/developer/security/form-validation/#protecting-from-csrf

Assignee: Unassigned
Reporter: Kevin Guerroudj (kevingrdj)
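The change the issue suggests, sketched as an added example that is not part of the issue or the plugin's own code. The class `CacheAdminAction`, its URL name and the `cache` field are hypothetical; only the method name `doClearCache` and the annotations come from the issue text.

```java
// Added illustration, not the plugin's actual code. CacheAdminAction and the
// cache map are hypothetical stand-ins for whatever the plugin really clears.
import hudson.Extension;
import hudson.model.RootAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.HttpResponses;
import org.kohsuke.stapler.interceptor.RequirePOST;

@Extension
public class CacheAdminAction implements RootAction {
    private final Map<String, Object> cache = new ConcurrentHashMap<>();

    @Override public String getIconFileName() { return null; } // hidden from the side panel
    @Override public String getDisplayName() { return "Cache admin"; }
    @Override public String getUrlName() { return "cache-admin"; }

    // Before: Stapler routes any HTTP verb to a doXxx web method, and Jenkins
    // only checks the CSRF crumb on POST requests. A GET triggered from
    // another site in a logged-in user's browser would therefore reach this
    // method without any crumb.
    //
    // public HttpResponse doClearCache() {
    //     cache.clear();
    //     return HttpResponses.redirectToDot();
    // }

    // After: @RequirePOST rejects non-POST requests, and POST requests must
    // carry a valid crumb when CSRF protection is enabled. @POST from
    // org.kohsuke.stapler.verb is the other annotation the issue names.
    @RequirePOST
    public HttpResponse doClearCache() {
        cache.clear();
        return HttpResponses.redirectToDot();
    }
}
```

Any link or button in the plugin's UI that calls this URL has to submit a POST after the change, otherwise it stops working.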