diff --git a/includes/class-wc-comments.php b/includes/class-wc-comments.php
index 368e953dd09..a36be39d9c1 100644
--- a/includes/class-wc-comments.php
+++ b/includes/class-wc-comments.php
@@ -356,21 +356,24 @@ class WC_Comments {
 return array();
 }
- $product_id_string = implode( "','", array_map( 'esc_sql', $product_ids ) );
+ $product_id_string_placeholder = substr( str_repeat( ',%s', count( $product_ids ) ), 1 );
 $review_counts = $wpdb->get_results(
- // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
- "
- SELECT comment_post_ID as product_id, COUNT( comment_post_ID ) as review_count
- FROM $wpdb->comments
- WHERE
- comment_parent = 0
- AND comment_post_ID IN ( '$product_id_string' )
- AND comment_approved = '1'
- AND comment_type in ( 'review', '', 'comment' )
- GROUP BY product_id
- ",
- // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared
+ // phpcs:disable WordPress.DB.PreparedSQL.InterpolatedNotPrepared -- Ignored for allowing interpolation in IN query.
+ $wpdb->prepare(
+ "
+ SELECT comment_post_ID as product_id, COUNT( comment_post_ID ) as review_count
+ FROM $wpdb->comments
+ WHERE
+ comment_parent = 0
+ AND comment_post_ID IN ( $product_id_string_placeholder )
+ AND comment_approved = '1'
+ AND comment_type in ( 'review', '', 'comment' )
+ GROUP BY product_id
+ ",
+ $product_ids
+ ),
+ // phpcs:enable WordPress.DB.PreparedSQL.InterpolatedNotPrepared.
 ARRAY_A
 );
diff --git a/includes/wc-update-functions.php b/includes/wc-update-functions.php
index 00f983112f5..439095d5482 100644
--- a/includes/wc-update-functions.php
+++ b/includes/wc-update-functions.php
@@ -2236,7 +2236,7 @@ function wc_update_500_fix_product_review_count() {
 "
 SELECT post_id, meta_value
 FROM $wpdb->postmeta
- JOIN $wpdb->posts
+ JOIN $wpdb->posts ON $wpdb->postmeta.post_id = $wpdb->posts.ID
 WHERE post_type = 'product' 
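Review bot: The placeholder list built on the `$product_id_string_placeholder` line uses `%s`, so every entry of `$product_ids` is bound as a quoted string into an `IN (...)` on `comment_post_ID`, which is presumably an integer post-ID column; `%d` would match the column type, make `$wpdb->prepare()` coerce each value with intval, and keep non-numeric junk out of the query entirely rather than relying on MySQL's string-to-number coercion. A single-line change suffices: `$product_id_string_placeholder = implode( ',', array_fill( 0, count( $product_ids ) , '%d' ) );`. The change itself is sound: the old `esc_sql` + interpolation path is gone, the query text is now produced by `prepare()`, and the `return array();` context above shows an early exit that should keep `count( $product_ids )` from being zero, though the guard condition and the method signature lie outside the hunk. The "-- Ignored for allowing interpolation in IN query." justification on the phpcs:disable line would read better if it named exactly what is interpolated, e.g. `-- placeholder list and table name are interpolated; values are bound via prepare()`.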
@@ -2278,7 +2278,7 @@ function wc_update_500_fix_product_review_count() {
 }
 /**
- * Update DB version to 4.5.0.
+ * Update DB version to 5.0.0.
 */
 function wc_update_500_db_version() {
 WC_Install::update_db_version( '5.0.0' );