Session token in URL Vulnerability

Re: Session token in URL Vulnerability

by Michael Hawkins

Hi Aditya,

Please do not publish potential security issues to this public forum. We have a security submission form where you can send any findings here: https://moodle.org/security/report/. We have a Responsible Disclosure Policy, so any confirmed security issues are not published until a patch is in place (for more information, see our Security Policies documentation).

Regarding this specific finding, the sesskey is a CSRF token, and not a session token. That being the case, this is considered a low severity issue, but we are aware it is best practice to send these via POST rather than GET and do endeavour to fix any of these cases where GET is discovered. It would be great if you can submit your findings via the security submission form, so the cases you have identified can be triaged and fixed if necessary.

Thanks!

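As an added illustration of the distinction drawn in the reply above (not code from this thread or from the Moodle project), a small audit script that scans access-log lines for requests carrying the sesskey CSRF token in the URL query string, separating the GET cases the reply says should move to POST from POST requests that still expose the token in server logs. The log lines, hosts, paths and token values are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access-log lines (hypothetical hosts, paths and tokens).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /course/view.php?id=2 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /mod/forum/post.php?delete=7&sesskey=AbCdEf1234 HTTP/1.1" 303 0 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "POST /lib/ajax/service.php?sesskey=ZyXwVu9876&info=core_fetch HTTP/1.1" 200 881 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "POST /login/logout.php HTTP/1.1" 303 0 "-" "Mozilla/5.0"
"""

# Pulls the request line ("METHOD target HTTP/x.y") out of a combined-format log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact(token, keep=4):
    """Keep only a short prefix so the audit output does not re-log the full token."""
    return token[:keep] + "..." if len(token) > keep else token

def audit_sesskey_in_urls(log_text, param="sesskey"):
    """Find requests that carry the CSRF token in the URL query string.

    Returns a dict with two lists of (path, redacted_token):
      "get"  - GET requests: the token lands in access logs, browser history
               and the Referer of links followed from the resulting page;
               these are the cases that should be converted to POST.
      "post" - POST requests that still put the token in the query string:
               not leaked through Referer, but still visible in logs."""
    found = {"get": [], "post": []}
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))  # path-only target: scheme/netloc are empty
        values = parse_qs(parts.query).get(param)
        if not values:
            continue  # token not in the query string (e.g. sent in a POST body)
        bucket = "get" if m.group("method") == "GET" else "post"
        found[bucket].append((parts.path, redact(values[0])))
    return found

if __name__ == "__main__":
    for kind, hits in audit_sesskey_in_urls(SAMPLE_LOG).items():
        for path, token in hits:
            print(f"{kind.upper():4} {path} sesskey={token}")
```

A token sent only in a POST body never appears in the request line, which is why the fourth sample line produces no finding.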