diff --git a/wp-admin/edit-tag-form.php b/wp-admin/edit-tag-form.php
index b6da6c6687..ec40fcc52e 100644
--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -44,7 +44,7 @@ if ( 'category' === $taxonomy ) {
 do_action_deprecated( 'edit_tag_form_pre', array( $tag ), '3.0.0', '{$taxonomy}_pre_edit_form' );
 }
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
 $wp_http_referer = remove_query_arg( array( 'action', 'message', 'tag_ID' ), $wp_http_referer );
 // Also used by Edit Tags.
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 55ed2749f6..3f74baa856 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -14,7 +14,7 @@ require_once ABSPATH . 'wp-admin/includes/translation-install.php';
 $action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
 $user_id = ! empty( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
 $current_user = wp_get_current_user();
diff --git a/wp-includes/version.php b/wp-includes/version.php
index f004b12f15..917192e5e2 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -16,7 +16,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '6.8-alpha-59495';
+$wp_version = '6.8-alpha-59496';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
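Review bot: The added `sanitize_url( $_REQUEST['wp_http_referer'] )` call in wp-admin/edit-tag-form.php receives the raw request value, with neither `wp_unslash()` nor a string check; the identical line is added in wp-admin/user-edit.php. `sanitize_text_field()` tolerated a non-string value, whereas `sanitize_url()` appears to assume a string, so an array-valued parameter may now raise a type error on PHP 8 instead of yielding an empty referer (worth confirming against the function's body, which is not on this page). I would guard the assignment in both files: `$wp_http_referer = ( ! empty( $_REQUEST['wp_http_referer'] ) && is_string( $_REQUEST['wp_http_referer'] ) ) ? sanitize_url( wp_unslash( $_REQUEST['wp_http_referer'] ) ) : '';`. The script continues outside the hunk.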
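Review bot: `sanitize_url()` on the added line in wp-admin/user-edit.php constrains the scheme and drops invalid characters, but it does not tie `$wp_http_referer` to this site, so the variable still holds a caller-supplied URL that may name any host. The code that consumes it lies outside this hunk; it should keep passing the value through `wp_validate_redirect()` or `wp_safe_redirect()` before any redirect and through `esc_url()` before printing it, and the same applies to wp-admin/edit-tag-form.php. A one-line comment above the assignment would record that contract, for example `// Sanitized as a URL, not validated: check the host before redirecting to it.`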