diff --git a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
index 0474807df..ff13fade3 100644
--- a/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
+++ b/plugins/change-password-cyberpanel/ChangePasswordCyberPanel.php
@@ -99,16 +99,16 @@ class ChangePasswordCyberPanel implements \RainLoop\Providers\ChangePassword\Cha
 try {
- $sEmail = $oAccount->Email();
- $sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
- $sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
+ $sEmail = mysqli_real_escape_string($db, $oAccount->Email());
+ $sEmailUser = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail));
+ $sEmailDomain = mysqli_real_escape_string($db, \MailSo\Base\Utils::GetDomainFromEmail($sEmail));
 $password_check_query = "SELECT * FROM e_users WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
 $result = mysqli_query($db, $password_check_query);
 $password_check = mysqli_fetch_assoc($result);
 if (password_verify($sPrevPassword, substr($password_check['password'], 7))) {
- $hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
+ $hashed_password = mysqli_real_escape_string($db, '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT))
 $password_update_query = "UPDATE e_users SET password = '$hashed_password' WHERE emailOwner_id = '$sEmailDomain' AND email = '$sEmail'";
 mysqli_query($db, $password_update_query);
 $bResult = true;
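Review bot: The escaping is applied in the wrong order and the last added line does not parse: `$sEmail` is escaped before it is passed to `GetAccountNameFromEmail()` / `GetDomainFromEmail()`, whose results are then escaped a second time, and the new `$hashed_password = mysqli_real_escape_string(...)` line has no terminating `;`. With double escaping, an address containing a quote or backslash yields a domain value that no longer matches the stored row, and the safety of `mysqli_real_escape_string` also depends on the connection charset, which is not visible in this hunk. Binding the values through prepared statements removes the need for escaping entirely; a sketch follows, assuming mysqlnd is available for `mysqli_stmt_get_result`. The sketch also checks that a row was returned, because `mysqli_fetch_assoc` gives null when nothing matches and `substr($password_check['password'], 7)` would then be evaluated on null. The `try` block begins and ends outside the hunk.

```php
$sEmail = $oAccount->Email();
$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);

// Values travel as bound parameters, never as part of the SQL text.
$oCheck = mysqli_prepare($db, 'SELECT * FROM e_users WHERE emailOwner_id = ? AND email = ?');
mysqli_stmt_bind_param($oCheck, 'ss', $sEmailDomain, $sEmail);
mysqli_stmt_execute($oCheck);
$password_check = mysqli_fetch_assoc(mysqli_stmt_get_result($oCheck));

// No matching row means there is no stored hash to verify against.
if ($password_check && password_verify($sPrevPassword, substr($password_check['password'], 7))) {
	$hashed_password = '{CRYPT}'.password_hash($sNewPassword, PASSWORD_BCRYPT);
	$oUpdate = mysqli_prepare($db, 'UPDATE e_users SET password = ? WHERE emailOwner_id = ? AND email = ?');
	mysqli_stmt_bind_param($oUpdate, 'sss', $hashed_password, $sEmailDomain, $sEmail);
	mysqli_stmt_execute($oUpdate);
	// … unchanged: $bResult = true; …
```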