diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php
index d75908261e..95046d0437 100644
--- a/wp-includes/pluggable.php
+++ b/wp-includes/pluggable.php
@@ -1700,6 +1700,7 @@ function get_avatar( $id_or_email, $size = '96', $default = '', $alt = false ) {
 		if ( !empty( $rating ) )
 			$out .= "&amp;r={$rating}";
 
+		$out = esc_url( $out );
 		$avatar = "<img alt='{$safe_alt}' src='{$out}' class='avatar avatar-{$size} photo' height='{$size}' width='{$size}' />";
 	} else {
 		$avatar = "<img alt='{$safe_alt}' src='{$default}' class='avatar avatar-{$size} photo avatar-default' height='{$size}' width='{$size}' />";
