diff --git a/includes/admin/class-wc-admin-post-types.php b/includes/admin/class-wc-admin-post-types.php
index b1988684ec3..1c238cb1d9a 100644
--- a/includes/admin/class-wc-admin-post-types.php
+++ b/includes/admin/class-wc-admin-post-types.php
@@ -386,7 +386,7 @@ class WC_Admin_Post_Types {
echo '';
} else {
// Assuming that we have other types in future
- echo '';
+ echo '';
}
break;
case 'price' :
@@ -519,10 +519,10 @@ class WC_Admin_Post_Types {
switch ( $column ) {
case 'order_status' :
- printf( '%s', sanitize_title( $the_order->get_status() ), wc_get_order_status_name( $the_order->get_status() ), wc_get_order_status_name( $the_order->get_status() ) );
+ printf( '%s', esc_attr( sanitize_html_class( $the_order->get_status() ) ), esc_attr( wc_get_order_status_name( $the_order->get_status() ) ), esc_html( wc_get_order_status_name( $the_order->get_status() ) ) );
break;
case 'order_date' :
- printf( '', date( 'c', $the_order->get_date_created() ), date_i18n( __( 'Y-m-d', 'woocommerce' ), $the_order->get_date_created() ) );
+ printf( '', esc_attr( date( 'c', $the_order->get_date_created() ) ), esc_html( date_i18n( __( 'Y-m-d', 'woocommerce' ), $the_order->get_date_created() ) ) );
break;
case 'customer_message' :
if ( $the_order->get_customer_note() ) {
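Review bot: In the `order_status` case, swapping `sanitize_title()` for `sanitize_html_class()` changes the emitted class name as well as its escaping: `sanitize_title()` lowercases and turns spaces into dashes, whereas `sanitize_html_class()` simply drops every character outside `A-Za-z0-9_-`. For slug-style statuses the result should be identical, but a status registered by an extension with uppercase letters or other characters would now get a different class and could lose its CSS hook; a comment such as `// Status is expected to be a slug; sanitize_html_class() keeps it class-safe, esc_attr() is the output escape.` would record that assumption. The markup inside both `printf()` format strings is not visible here, so which argument lands in an attribute and which in text is inferred from the `esc_attr()`/`esc_html()` choice. The `customer_message` case that follows reads the customer-supplied note and continues outside the hunk, so its output escaping is worth confirming in the same pass.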
diff --git a/templates/myaccount/my-orders.php b/templates/myaccount/my-orders.php
index 40e78cbaf3f..e27c686653c 100644
--- a/templates/myaccount/my-orders.php
+++ b/templates/myaccount/my-orders.php
@@ -56,10 +56,10 @@ if ( $customer_orders ) : ?>
-
+
- get_status() ); ?>
+ get_status() ) ); ?>
-
+
- get_status() ); ?>
+ get_status() ) ); ?>