diff --git a/mailpoet/lib/Form/Util/Export.php b/mailpoet/lib/Form/Util/Export.php
index 27211ba106..593d59f7d7 100644
--- a/mailpoet/lib/Form/Util/Export.php
+++ b/mailpoet/lib/Form/Util/Export.php
@@ -32,7 +32,7 @@ class Export {
 'height="100%"',
 'scrolling="no"',
 'frameborder="0"',
- 'src="' . esc_url($iframeUrl) . '"',
+ 'src="' . WPFunctions::get()->escUrl($iframeUrl) . '"',
 'class="mailpoet_form_iframe"',
 'id="mailpoet_form_iframe"',
 'vspace="0"',
diff --git a/mailpoet/lib/WP/Functions.php b/mailpoet/lib/WP/Functions.php
index c735a0e421..76e9893496 100644
--- a/mailpoet/lib/WP/Functions.php
+++ b/mailpoet/lib/WP/Functions.php
@@ -81,7 +81,7 @@ class Functions {
 }
 public function addQueryArg($key, $value = false, $url = false) {
- return add_query_arg($key, $value, $url);
+ return add_query_arg($key, $value, $url); // nosemgrep: tools.wpscan-semgrep-rules.audit.php.wp.security.xss.query-arg
 }
 public function addScreenOption($option, $args = []) {
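Review bot: The `nosemgrep` marker added to the `add_query_arg()` call in `addQueryArg` silences the query-arg XSS rule at the one place every caller funnels through, and nothing in the hunk records why that is safe. `add_query_arg()` returns an unescaped URL and, when `$url` is left at its default `false`, builds it from the current request URI, so the escaping duty moves to each call site, where the scanner can no longer see it. I would state that contract next to the suppression, on its own line above the method so the `nosemgrep` comment stays as it is, for example `// Returns an unescaped URL; callers must pass it through escUrl() before output.`, and confirm that the existing callers already do so.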