- __( 'There is a pending change of your email to %1$s. <a href="%2$s">Cancel</a>' ),
- '<code>' . $new_email['newemail'] . '</code>',
- esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) )
- ); ?></p>
+ /* translators: %s: new email */
+ __( 'There is a pending change of your email to %s.' ),
+ '<code>' . esc_html( $new_email['newemail'] ) . '</code>'
+ );
+ printf(
+ ' <a href="%1$s">%2$s</a>',
+ esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ),
+ __( 'Cancel' )
+ );
+ ?></p>
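Review bot: The nonce added to the Cancel link by `wp_nonce_url()` only protects the dismiss action if the code handling `profile.php?dismiss=` verifies it, and that handler is not in the visible lines. Before discarding the pending change it should call `check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );` with exactly the same action string; otherwise a cross-site request without a valid nonce would presumably still be honoured. Separately, `__( 'Cancel' )` is printed unescaped through `%2$s`, and `esc_html__( 'Cancel' )` would match the escaping now applied to `$new_email['newemail']`. The first `printf(` call opens above the visible lines, so its start could not be checked.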