diff --git a/src/StoreApi/Utilities/ProductQueryFilters.php b/src/StoreApi/Utilities/ProductQueryFilters.php
index 249e872a7f0..ba957489592 100644
--- a/src/StoreApi/Utilities/ProductQueryFilters.php
+++ b/src/StoreApi/Utilities/ProductQueryFilters.php
@@ -102,7 +102,7 @@ private function generate_stock_status_count_query( $status, $product_query_sql,
 			return false;
 		}
 		global $wpdb;
-
+		$status = esc_sql( $status );
 		return "
 			SELECT COUNT( DISTINCT posts.ID ) as status_count
 			FROM {$wpdb->posts} as posts