diff --git a/plugins/woocommerce/templates/emails/plain/customer-refunded-order.php b/plugins/woocommerce/templates/emails/plain/customer-refunded-order.php
index a6626d37165..69fbf7351a8 100644
--- a/plugins/woocommerce/templates/emails/plain/customer-refunded-order.php
+++ b/plugins/woocommerce/templates/emails/plain/customer-refunded-order.php
@@ -22,7 +22,7 @@ echo esc_html( wp_strip_all_tags( $email_heading ) );
 echo "\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n\n";
 
 /* translators: %s: Customer first name */
-echo sprintf( esc_html__( 'Hi %s,', 'woocommerce' ), $order->get_billing_first_name() ) . "\n\n"; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped
+echo sprintf( esc_html__( 'Hi %s,', 'woocommerce' ), esc_html( $order->get_billing_first_name() ) ) . "\n\n";
 if ( $partial_refund ) {
 	/* translators: %s: Site title */
 	echo sprintf( esc_html__( 'Your order on %s has been partially refunded. There are more details below for your reference:', 'woocommerce' ), wp_specialchars_decode( get_option( 'blogname' ), ENT_QUOTES ) ) . "\n\n"; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped