diff --git a/includes/collection/class-follow-requests.php b/includes/collection/class-follow-requests.php
index 2207ef4..ddbd41f 100644
--- a/includes/collection/class-follow-requests.php
+++ b/includes/collection/class-follow-requests.php
@@ -30,10 +30,10 @@ class Follow_Requests {
 public static function get_follow_requests_for_user( $user_id, $per_page, $page_num, $args ) {
 $order = isset( $args['order'] ) && strtolower( $args['order'] ) === 'asc' ? 'ASC' : 'DESC';
 $orderby = isset( $args['orderby'] ) ? sanitize_text_field( $args['orderby'] ) : 'published';
- $search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : '';
+ $search = isset( $args['s'] ) ? sanitize_text_field( $args['s'] ) : '';
 $offset = (int) $per_page * ( (int) $page_num - 1 );
-
+
 global $wpdb;
 $follow_requests = $wpdb->get_results(
 $wpdb->prepare(
@@ -42,16 +42,18 @@ class Follow_Requests {
 LEFT JOIN {$wpdb->posts} AS follower ON follow_request.post_parent = follower.ID
 LEFT JOIN {$wpdb->postmeta} AS meta ON follow_request.ID = meta.post_id
 WHERE follow_request.post_type = 'ap_follow_request'
- AND (follower.post_title LIKE '%{$wpdb->esc_like( $search )}%' OR follower.guid LIKE '%{$wpdb->esc_like( $search )}%')
+ AND (follower.post_title LIKE %s OR follower.guid LIKE %s)
 AND meta.meta_key = 'activitypub_user_id'
 AND meta.meta_value = %s
 ORDER BY %s %s
 LIMIT %d OFFSET %d",
+ '%' . $wpdb->esc_like( $search ) . '%',
+ '%' . $wpdb->esc_like( $search ) . '%',
 $user_id,
 $orderby,
 $order,
 $per_page,
- $offset,
+ $offset
 )
 );
 $current_total_items = $wpdb->get_var( 'SELECT FOUND_ROWS()' );
diff --git a/includes/table/class-follow-requests.php b/includes/table/class-follow-requests.php
index 3f62d3a..8c0f831 100644
--- a/includes/table/class-follow-requests.php
+++ b/includes/table/class-follow-requests.php
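Review bot: The `ORDER BY %s %s` line that survives this hunk still feeds `$orderby` and `$order` through `%s` placeholders, and `$wpdb->prepare()` renders `%s` as a quoted string literal, so the executed SQL is of the form `ORDER BY 'published' 'DESC'` — an ORDER BY on a constant, which does not sort by any column. Moving the LIKE operands into placeholders is the right fix for the injection, but identifiers cannot be parameterised the same way: `$orderby` is user-supplied (`$args['orderby']`, only passed through `sanitize_text_field()` earlier in the function) and should be mapped through a fixed allow-list of column names, falling back to the default when unrecognised, and then interpolated directly as `ORDER BY {$orderby} {$order}` since `$order` is already constrained to `ASC`/`DESC` (on WordPress 6.2+ the `%i` identifier placeholder is the alternative). The enclosing `get_follow_requests_for_user()` starts before this hunk and continues after it, so I cannot see whether the result is post-sorted elsewhere; if it is not, sorting in this list is currently a no-op.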
@@ -182,7 +182,7 @@ class Follow_Requests extends WP_List_Table {
 global $_REQUEST;
 $follow_action = isset( $_REQUEST['follow_action'] ) ? sanitize_title( wp_unslash( $_REQUEST['follow_action'] ) ) : null;
 $follow_request_id = isset( $_REQUEST['follow_request'] ) ? (int) $_REQUEST['follow_request'] : null;
- $wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? (string) $_REQUEST['_wpnonce'] : null;
+ $wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_title( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;
 if ( ! $follow_action || ! $follow_request_id || ! $wp_nonce ) {
 return;
 }
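Review bot: `sanitize_title()` on the added `$wp_nonce` line is the wrong sanitiser for a nonce: it is a slug sanitiser that lowercases, strips characters and passes the value through the `sanitize_title` filter, which themes and plugins can hook to rewrite slugs, so on such a site the token can be altered before verification and every action would be rejected. A nonce is only ever compared by `wp_verify_nonce()` and needs no transformation beyond unslashing; `$wp_nonce = isset( $_REQUEST['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_wpnonce'] ) ) : null;` (or `sanitize_key()`) keeps the value intact while still satisfying input-sanitisation linting. The `wp_verify_nonce()` call itself is not in the hunk and the enclosing method starts before and ends after it, so I am assuming the verification happens further down rather than relying on this sanitisation as a check.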