diff --git a/includes/classes/Indexable/User/User.php b/includes/classes/Indexable/User/User.php
index 571a1509ec..c68ec9db21 100644
--- a/includes/classes/Indexable/User/User.php
+++ b/includes/classes/Indexable/User/User.php
@@ -728,11 +728,17 @@ public function query_db( $args ) {
  $args['order'] = 'desc';
  }
 
+ /**
+ * Sanitize the ORDER BY clause
+ */
+ $orderby_args = sanitize_sql_orderby( "{$args['orderby']} {$args['order']}" );
+ $orderby = $orderby_args ? sprintf( 'ORDER BY %s', $orderby_args ) : '';
+
  /**
  * WP_User_Query doesn't let us get users across all blogs easily. This is the best
  * way to do that.
  */
- $objects = $wpdb->get_results( $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} ORDER BY %s %s LIMIT %d, %d", $args['orderby'], $args['orderby'], (int) $args['offset'], (int) $args['number'] ) );
+ $objects = $wpdb->get_results( $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} %s LIMIT %d, %d", $orderby, (int) $args['offset'], (int) $args['number'] ) );
 
  return [
  'objects' => $objects,
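Review bot: The new `$objects` line still passes the `ORDER BY` fragment through a `%s` placeholder, and `$wpdb->prepare()` wraps every `%s` in single quotes, so the SQL that reaches MySQL is `FROM wp_users 'ORDER BY ID desc' LIMIT 0, 10` — a syntax error rather than an ordered query (the removed line had the same quoting problem, plus it bound `$args['orderby']` twice). A `%s` placeholder is only for string values; an identifier or clause cannot be bound this way, and since PHP 8.x `sanitize_sql_orderby()` already restricts the fragment to `[a-z0-9_]` column names, `rand()` and `ASC`/`DESC`, which is exactly what makes direct interpolation of this particular value safe. Change the query to `"SELECT SQL_CALC_FOUND_ROWS ID FROM {$wpdb->users} {$orderby} LIMIT %d, %d"` and drop `$orderby` from the argument list, leaving only `(int) $args['offset'], (int) $args['number']` bound; add a one-line comment above it such as `// $orderby is validated by sanitize_sql_orderby() and contains no user-controlled characters beyond [a-z0-9_], so it is interpolated rather than bound.` so the next reader does not "fix" it back to `%s`. Note that `sanitize_sql_orderby()` returns `false` when the combined string fails its pattern, which the `$orderby_args ? … : ''` guard already handles by dropping the clause; consider whether silently returning unordered results is the desired behaviour for a bad `$args['orderby']`, or whether it should fall back to `ID`. `query_db()` begins and ends outside this hunk.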