Index: includes/common/template.php
===================================================================
--- includes/common/template.php	(revision 7250)
+++ includes/common/template.php	(working copy)
@@ -1338,7 +1338,7 @@
 	// Make sure we are directing somewhere
 	if ( empty( $redirect_to ) ) {
 		if ( isset( $_SERVER['REQUEST_URI'] ) ) {
-			$redirect_to = bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
+			$redirect_to = bbp_get_url_scheme() . sanitize_text_field( $_SERVER['HTTP_HOST'] ) . sanitize_text_field( $_SERVER['REQUEST_URI'] );
 		} else {
 			$redirect_to = wp_get_referer();
 		}
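Review bot: The guard two lines above the change tests only `$_SERVER['REQUEST_URI']`, yet the new line also reads `$_SERVER['HTTP_HOST']`, which can be absent (non-HTTP or CLI invocations) and would then produce an undefined-key notice and a scheme with no host; widen the guard to `if ( isset( $_SERVER['REQUEST_URI'], $_SERVER['HTTP_HOST'] ) ) {`. Separately, `sanitize_text_field()` is documented to strip percent-encoded sequences and collapse whitespace, so a request URI containing `%20` or similar is altered before the redirect is validated; if the value is consumed as a URL, `esc_url_raw()` is the sanitizer that preserves it, e.g. `$redirect_to = esc_url_raw( bbp_get_url_scheme() . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );`. The same sanitizer choice applies to the `redirect_to` assignment in includes/users/engagements.php. The enclosing function starts and ends outside this hunk.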
Index: includes/search/functions.php
===================================================================
--- includes/search/functions.php	(revision 7250)
+++ includes/search/functions.php	(working copy)
@@ -116,7 +116,7 @@
 
 	// Get search terms if requested
 	$terms = ! empty( $_REQUEST[ $query_arg ] )
-		? $_REQUEST[ $query_arg ]
+		? sanitize_text_field( $_REQUEST[ $query_arg ] )
 		: false;
 
 	// Bail if query argument does not exist
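Review bot: `sanitize_text_field()` on the changed line receives `$_REQUEST[ $query_arg ]` without checking that it is a string, so a request that supplies the argument as an array — which `! empty()` does not reject — is coerced to the string `Array` (with a conversion warning) rather than treated as absent; add `is_string()` to the condition, `$terms = ! empty( $_REQUEST[ $query_arg ] ) && is_string( $_REQUEST[ $query_arg ] )`. WordPress also adds slashes to the request superglobals and `sanitize_text_field()` does not remove them, so search terms containing quotes would carry backslashes into the query; the usual form is `? sanitize_text_field( wp_unslash( $_REQUEST[ $query_arg ] ) )`. The enclosing function starts and ends outside this hunk.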
Index: includes/users/engagements.php
===================================================================
--- includes/users/engagements.php	(revision 7250)
+++ includes/users/engagements.php	(working copy)
@@ -878,7 +878,7 @@
 
 		// Redirect back from whence we came
 		if ( ! empty( $_REQUEST['redirect_to'] ) ) {
-			$redirect = $_REQUEST['redirect_to']; // Validated later
+			$redirect = sanitize_text_field( $_REQUEST['redirect_to'] ); // Validated later
 		} elseif ( bbp_is_subscriptions() ) {
 			$redirect = bbp_get_subscriptions_permalink( $user_id );
 		} elseif ( bbp_is_single_user() ) {
