Plain text data is being sent as a part of URL.
What are query parameters?
If an URI has certain variable and its corresponding value getting communicated in HTTP request to server the developer has implemented query parameter for sending data to server.
Query parameter could use either GET HTTP method or POST HTTP method (but this is uncommon) for request methods. But mainly it is GET HTTP method usage.
Ex:
https://www.mysite.com/getsecret?username=cella&password=messi
Assuming there is a successful man-in-the-middle attack (i.e. an attacker which does intercept the connection, and presents a forged server certificate which your browser accepts) could lead to many other attacks namely, data stealing, manipulation, request forgery, etc.
Parameter values are also seen in browser address bar to other users.
In case of financial or banking web application many times the transaction-id and amount are sent using query parameters.
Ex:
https://www.mysite.com/getsecret?order-id=144121&amt=1400&acct=2188974568