diff --git a/includes/class-give-donate-form.php b/includes/class-give-donate-form.php
index 293668043c..1193dea4d3 100644
--- a/includes/class-give-donate-form.php
+++ b/includes/class-give-donate-form.php
@@ -814,6 +814,10 @@ public function get_type() {
 * @return string
 */
 public function get_form_classes( $args ) {
+ /**
+ * @unreleased sanitize $args
+ */
+ $args = give_clean($args);
 $float_labels_option = give_is_float_labels_enabled( $args )
 ? 'float-labels-enabled'
@@ -850,6 +854,11 @@ public function get_form_classes( $args ) {
 * @return string
 */
 public function get_form_wrap_classes( $args ) {
+ /**
+ * @unreleased sanitize $args
+ */
+ $args = give_clean($args);
+
 $custom_class = [
 'give-form-wrap',
 ];
diff --git a/includes/forms/template.php b/includes/forms/template.php
index 0b3b59e2ea..a7b7945012 100644
--- a/includes/forms/template.php
+++ b/includes/forms/template.php
@@ -27,6 +27,11 @@ function give_get_donation_form( $args = [] ) {
 global $post;
 static $count = 1;
+ /**
+ * @unreleased sanitize $args
+ */
+ $args = give_clean($args);
+
 $args = wp_parse_args( $args, give_get_default_form_shortcode_args() );
 // Backward compatibility for `form_id` function param.
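Review bot: In `get_form_classes()` (and identically in `get_form_wrap_classes()` in the next hunk) the added `give_clean($args)` filters the input but does not escape for the output context, and both methods return a string that is presumably emitted inside a `class` attribute. If `give_clean()` is the usual text-field sanitizer (its body is not in this diff), it removes tags but leaves quote characters in place, so the attribute context still depends on the caller escaping. I would state that contract next to the call, e.g. `// Input filtering only: callers must esc_attr() the returned class string.`, and pass any class name built from `$args` through `sanitize_html_class()`. Both method bodies continue past the end of their hunks, so how `$args` reaches the returned string is not visible here.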
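Review bot: In `give_get_donation_form()` the sanitizer runs on the raw `$args` before `wp_parse_args()` has normalised it, so a caller passing a query string or an object is filtered differently from one passing an array; how `give_clean()` treats non-array values is not shown in this diff. Normalising first covers every accepted shape without touching the defaults: replace the added call with `$args = give_clean( wp_parse_args( $args ) );` and keep the existing merge with `give_get_default_form_shortcode_args()` on the next line. The `@unreleased` note would also sit better in the function's own docblock than in a docblock-style comment inside the body, and `give_clean($args)` lacks the inner spacing the surrounding calls use. The function body continues past the hunk.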