diff --git a/includes/admin/class-sp-admin-dashboard.php b/includes/admin/class-sp-admin-dashboard.php
index cd7b2eaa..bafd2ddd 100644
--- a/includes/admin/class-sp-admin-dashboard.php
+++ b/includes/admin/class-sp-admin-dashboard.php
@@ -79,7 +79,7 @@ class SP_Admin_Dashboard {
               <li class="countdown" data-countdown="<?php echo str_replace( '-', '/', get_gmt_from_date( $next_event->post_date ) ); ?>">
                   <a href="<?php echo get_edit_post_link( $next_event->ID ); ?>">
                       <?php printf( __( '<strong>%s</strong> until next event', 'sportspress' ), $interval->days . ' ' . __( 'days', 'sportspress' ) . ' ' . sprintf( '%02s:%02s:%02s', $interval->h, $interval->i, $interval->s ) ); ?>
-                      (<?php echo esc_attr( $next_event->post_title ); ?>)
+                      (<?php echo esc_html( $next_event->post_title ); ?>)
                   </a>
               </li>
           <?php endif; ?>
@@ -113,7 +113,7 @@ class SP_Admin_Dashboard {
       <div class="rss-widget">
         <ul>
           <?php foreach ($rss_items as $item) { ?>
-          <li><a class="rsswidget" href="<?php echo esc_url( $item->get_permalink() ); ?>" target="_blank"><?php echo esc_attr( $item->get_title() ); ?></a> <span class="rss-date"><?php echo esc_attr( $item->get_date('j F Y') ); ?></span></li>
+          <li><a class="rsswidget" href="<?php echo esc_url( $item->get_permalink() ); ?>" target="_blank"><?php echo esc_attr( $item->get_title() ); ?></a> <span class="rss-date"><?php echo esc_html( $item->get_date('j F Y') ); ?></span></li>
           <?php } ?>
         </ul>
       </div>
diff --git a/includes/admin/class-sp-admin-setup-wizard.php b/includes/admin/class-sp-admin-setup-wizard.php
index a3b9c55b..27433d3b 100644
--- a/includes/admin/class-sp-admin-setup-wizard.php
+++ b/includes/admin/class-sp-admin-setup-wizard.php
@@ -140,7 +140,7 @@ class SP_Admin_Setup_Wizard {
     <head>
       <meta name="viewport" content="width=device-width" />
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-      <title><?php _e( 'SportsPress', 'sportspress' ); ?> &rsaquo; <?php echo esc_attr( $this->steps[ $this->step ]['name'] ); ?></title>
+      <title><?php _e( 'SportsPress', 'sportspress' ); ?> &rsaquo; <?php echo esc_html( $this->steps[ $this->step ]['name'] ); ?></title>
       <?php do_action( 'admin_print_styles' ); ?>
       <?php do_action( 'admin_head' ); ?>
     </head>
@@ -264,7 +264,7 @@ class SP_Admin_Setup_Wizard {
                   <?php
                   foreach ( $options as $key => $val ) {
                     ?>
-                    <option value="<?php echo esc_attr( $key ); ?>" <?php selected( $sport, $key ); ?>><?php echo esc_attr( $val ); ?></option>
+                    <option value="<?php echo esc_attr( $key ); ?>" <?php selected( $sport, $key ); ?>><?php echo esc_html( $val ); ?></option>
                     <?php
                   }
                   ?>
@@ -604,7 +604,7 @@ class SP_Admin_Setup_Wizard {
           if ( ! is_object( $obj ) ) continue;
           ?>
           <tr>
-            <th scope="row"><?php echo esc_attr( $obj->labels->singular_name ); ?></th>
+            <th scope="row"><?php echo esc_html( $obj->labels->singular_name ); ?></th>
             <td><?php echo wp_kses_post( $description ); ?></td>
           </tr>
         <?php } ?>
@@ -779,7 +779,7 @@ class SP_Admin_Setup_Wizard {
     <div class="sp-setup-next-steps">
       <?php foreach ( $steps as $class => $step ) { ?>
         <div class="sp-setup-next-steps-<?php echo esc_attr( $class ); ?>">
-          <h2><?php echo esc_attr( $step['label'] ); ?></h2>
+          <h2><?php echo esc_html( $step['label'] ); ?></h2>
           <ul>
             <li><?php echo wp_kses_post( $step['content'] ); ?></li>
           </ul>
diff --git a/includes/admin/importers/class-sp-event-importer.php b/includes/admin/importers/class-sp-event-importer.php
index b297d114..79534ded 100644
--- a/includes/admin/importers/class-sp-event-importer.php
+++ b/includes/admin/importers/class-sp-event-importer.php
@@ -475,7 +475,7 @@ if ( class_exists( 'WP_Importer' ) ) {
 									<?php
 										foreach( (new SP_Formats)->event as $name => $title ) {
 											?>
-											<li><input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $name ); ?>" checked="checked"> <label for="post-format-<?php echo esc_attr( $name ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $name ); ?>"><?php echo esc_attr( $title ); ?></label></li>
+											<li><input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $name ); ?>" checked="checked"> <label for="post-format-<?php echo esc_attr( $name ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $name ); ?>"><?php echo esc_html( $title ); ?></label></li>
 											<?php
 										}
 									?>
diff --git a/includes/admin/importers/class-sp-importer.php b/includes/admin/importers/class-sp-importer.php
index 78c91b96..7fa3a76d 100644
--- a/includes/admin/importers/class-sp-importer.php
+++ b/includes/admin/importers/class-sp-importer.php
@@ -101,7 +101,7 @@ if ( class_exists( 'WP_Importer' ) ) {
 			<select name="sp_columns[]" data-index="<?php echo array_search( $selected, array_keys( $this->columns ) ); ?>">
 				<option value="0">&mdash; <?php _e( 'Disable', 'sportspress' ); ?> &mdash;</option>
 				<?php foreach ( $this->columns as $key => $label ): ?>
-					<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $selected, $key ); ?>><?php echo esc_attr( $label ); ?></option>
+					<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $selected, $key ); ?>><?php echo esc_html( $label ); ?></option>
 				<?php endforeach; ?>
 			</select>
 			<?php
diff --git a/includes/admin/post-types/class-sp-admin-cpt-calendar.php b/includes/admin/post-types/class-sp-admin-cpt-calendar.php
index 19e8f0a6..67dd2f58 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-calendar.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-calendar.php
@@ -82,7 +82,7 @@ class SP_Admin_CPT_Calendar extends SP_Admin_CPT {
 						if ( ! $team_id ) continue;
 						$team = get_post( $team_id );
 						if ( $team ):
-							echo esc_attr( $team->post_title );
+							echo esc_html( $team->post_title );
 							if ( $team_id == $current_team ):
 								echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
 							endif;
diff --git a/includes/admin/post-types/class-sp-admin-cpt-column.php b/includes/admin/post-types/class-sp-admin-cpt-column.php
index 053e422b..b8003fc7 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-column.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-column.php
@@ -58,20 +58,20 @@ class SP_Admin_CPT_Column extends SP_Admin_CPT {
 		switch ( $column ):
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_equation':
-				echo sp_get_post_equation( $post_id );
+				echo esc_html( sp_get_post_equation( $post_id ) );
 				break;
 			case 'sp_precision':
-				echo sp_get_post_precision( $post_id );
+				echo esc_html( sp_get_post_precision( $post_id ) );
 				break;
 			case 'sp_order':
-				echo sp_get_post_order( $post_id );
+				echo esc_html( sp_get_post_order( $post_id ) );
 				break;
 			case 'sp_description':
 				global $post;
-				echo '<span class="description">' . $post->post_excerpt . '</span>';
+				echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-event.php b/includes/admin/post-types/class-sp-admin-cpt-event.php
index cd33a221..1e0a2db4 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-event.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-event.php
@@ -220,7 +220,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
 
 								echo '<a class="sp-result sp-tip" tabindex="10" title="' . esc_attr( $team_results ) . '" data-team="' . esc_attr( $team_id ) . '" href="#">' . ( $team_result == '' ? '-' : apply_filters( 'sportspress_event_team_result_admin', $team_result, $post_id, $team_id ) ) . '</a>';
 								echo '<input type="text" tabindex="10" class="sp-edit-result hidden small-text" data-team="' . esc_attr( $team_id ) . '" data-key="' . esc_attr( $main_result ) . '" value="' . esc_attr( $team_result ) . '"> ';
-								echo esc_attr( $team->post_title );
+								echo esc_html( $team->post_title );
 								echo '<br>';
 							endif;
 						endforeach;
@@ -248,7 +248,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
 			case 'sp_day':
 				$day = get_post_meta ( $post_id, 'sp_day', true );
 				if ( '' === $day ) $day = __( 'Default', 'sportspress' );
-				echo esc_attr( $day );
+				echo esc_html( $day );
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-list.php b/includes/admin/post-types/class-sp-admin-cpt-list.php
index 337233c5..003f9dd1 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-list.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-list.php
@@ -85,7 +85,7 @@ class SP_Admin_CPT_List extends SP_Admin_CPT {
 					foreach( $teams as $team_id ):
 						if ( ! $team_id ) continue;
 						$team = get_post( $team_id );
-						if ( $team ) echo esc_attr( $team->post_title ) . '<br>';
+						if ( $team ) echo esc_html( $team->post_title ) . '<br>';
 					endforeach;
 				endif;
 				break;
diff --git a/includes/admin/post-types/class-sp-admin-cpt-metric.php b/includes/admin/post-types/class-sp-admin-cpt-metric.php
index 92887585..4293858a 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-metric.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-metric.php
@@ -55,11 +55,11 @@ class SP_Admin_CPT_Metric extends SP_Admin_CPT {
 		switch ( $column ):
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_description':
 				global $post;
-				echo '<span class="description">' . $post->post_excerpt . '</span>';
+				echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-outcome.php b/includes/admin/post-types/class-sp-admin-cpt-outcome.php
index e9bf8802..73fbe870 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-outcome.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-outcome.php
@@ -56,15 +56,15 @@ class SP_Admin_CPT_Outcome extends SP_Admin_CPT {
 		switch ( $column ):
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_abbreviation':
 				global $post;
-				echo sp_get_post_abbreviation( $post->ID );
+				echo esc_html( sp_get_post_abbreviation( $post->ID ) );
 				break;
 			case 'sp_description':
 				global $post;
-				echo '<span class="description">' . $post->post_excerpt . '</span>';
+				echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-performance.php b/includes/admin/post-types/class-sp-admin-cpt-performance.php
index 58d6cc40..1425ad85 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-performance.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-performance.php
@@ -61,19 +61,19 @@ class SP_Admin_CPT_Performance extends SP_Admin_CPT {
 				break;
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_section':
 				global $post;
-				echo sp_get_post_section( $post->ID );
+				echo esc_html( sp_get_post_section( $post->ID ) );
 				break;
 			case 'sp_config_format':
 				global $post;
-				echo sp_get_post_format( $post->ID );
+				echo esc_html( sp_get_post_format( $post->ID ) );
 				break;
 			case 'sp_description':
 				global $post;
-				echo '<span class="description">' . $post->post_excerpt . '</span>';
+				echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-player.php b/includes/admin/post-types/class-sp-admin-cpt-player.php
index 1a67ee4a..df584d6b 100755
--- a/includes/admin/post-types/class-sp-admin-cpt-player.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-player.php
@@ -110,7 +110,7 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
 						if ( ! $team_id ) continue;
 						$team = get_post( $team_id );
 						if ( $team ):
-							echo esc_attr( $team->post_title );
+							echo esc_html( $team->post_title );
 							if ( in_array( $team_id, $current_teams ) ):
 								echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
 							endif;
@@ -257,14 +257,14 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
 				<input type="hidden" name="sp_current_team[]" value="0">
 				<ul class="cat-checklist">
 					<?php foreach ( $teams as $team ) { ?>
-					<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_current_team[]"> <?php echo esc_attr( $team->post_title ); ?></label></li>
+					<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_current_team[]"> <?php echo esc_html( $team->post_title ); ?></label></li>
 					<?php } ?>
 				</ul>
 				<span class="title inline-edit-categories-label"><?php _e( 'Past Teams', 'sportspress' ); ?></span>
 				<input type="hidden" name="sp_past_team[]" value="0">
 				<ul class="cat-checklist">
 					<?php foreach ( $teams as $team ) { ?>
-					<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_past_team[]"> <?php echo esc_attr( $team->post_title ); ?></label></li>
+					<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_past_team[]"> <?php echo esc_html( $team->post_title ); ?></label></li>
 					<?php } ?>
 				</ul>
 			</div>
diff --git a/includes/admin/post-types/class-sp-admin-cpt-result.php b/includes/admin/post-types/class-sp-admin-cpt-result.php
index 045bee9b..36173767 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-result.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-result.php
@@ -55,7 +55,7 @@ class SP_Admin_CPT_Result extends SP_Admin_CPT {
 		switch ( $column ):
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name ) . 'for, ' . esc_attr( $post->post_name ) . 'against';
+				echo esc_html( $post->post_name ) . 'for, ' . esc_html( $post->post_name ) . 'against';
 				break;
 			case 'sp_description':
 				global $post;
diff --git a/includes/admin/post-types/class-sp-admin-cpt-spec.php b/includes/admin/post-types/class-sp-admin-cpt-spec.php
index 668f52fe..9354fa3f 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-spec.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-spec.php
@@ -55,11 +55,11 @@ class SP_Admin_CPT_Spec extends SP_Admin_CPT {
 		switch ( $column ):
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_description':
 				global $post;
-				echo '<span class="description">' . $post->post_excerpt . '</span>';
+				echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
 				break;
 		endswitch;
 	}
diff --git a/includes/admin/post-types/class-sp-admin-cpt-staff.php b/includes/admin/post-types/class-sp-admin-cpt-staff.php
index aa66079e..57e2b0ad 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-staff.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-staff.php
@@ -92,7 +92,7 @@ class SP_Admin_CPT_Staff extends SP_Admin_CPT {
 						if ( ! $team_id ) continue;
 						$team = get_post( $team_id );
 						if ( $team ):
-							echo esc_attr( $team->post_title );
+							echo esc_html( $team->post_title );
 							if ( in_array( $team_id, $current_teams ) ):
 								echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
 							endif;
diff --git a/includes/admin/post-types/class-sp-admin-cpt-statistic.php b/includes/admin/post-types/class-sp-admin-cpt-statistic.php
index 016b3736..aa4b7e98 100644
--- a/includes/admin/post-types/class-sp-admin-cpt-statistic.php
+++ b/includes/admin/post-types/class-sp-admin-cpt-statistic.php
@@ -61,13 +61,13 @@ class SP_Admin_CPT_Statistic extends SP_Admin_CPT {
 				break;
 			case 'sp_key':
 				global $post;
-				echo esc_attr( $post->post_name );
+				echo esc_html( $post->post_name );
 				break;
 			case 'sp_equation':
-				echo sp_get_post_equation( $post_id );
+				echo esc_html( sp_get_post_equation( $post_id ) );
 				break;
 			case 'sp_precision':
-				echo sp_get_post_precision( $post_id );
+				echo esc_html( sp_get_post_precision( $post_id ) );
 				break;
 			case 'sp_description':
 				global $post;
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
index 38662710..4685a4af 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
@@ -24,7 +24,7 @@ class SP_Meta_Box_Calendar_Format {
 		?>
 		<div id="post-formats-select">
 			<?php foreach ( SP()->formats->calendar as $key => $format ): ?>
-				<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'calendar' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
+				<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'calendar' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
 			<?php endforeach; ?>
 		</div>
 		<?php
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-player-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-player-details.php
index 129ea771..fef7ee0c 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-player-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-player-details.php
@@ -85,7 +85,7 @@ class SP_Meta_Box_Player_Details {
 			<?php foreach ( $continents as $continent => $countries ): ?>
 				<optgroup label="<?php echo esc_attr( $continent ); ?>">
 					<?php foreach ( $countries as $code => $country ): ?>
-						<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_attr( $country ); ?></option>
+						<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_html( $country ); ?></option>
 					<?php endforeach; ?>
 				</optgroup>
 			<?php endforeach; ?>
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-details.php
index 42926f06..2de7249f 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-details.php
@@ -81,7 +81,7 @@ class SP_Meta_Box_Table_Details {
 			do_action( 'sportspress_meta_box_table_details', $post->ID );
 			?>
 			<p><strong>
-				<?php echo sp_get_post_mode_label( $post->ID ); ?>
+				<?php echo esc_html( sp_get_post_mode_label( $post->ID ) ); ?>
 			</strong></p>
 			<p class="sp-select-setting">
 				<select name="sp_select">
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-format.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-format.php
index 414c1f6f..39db36c8 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-format.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-table-format.php
@@ -24,7 +24,7 @@ class SP_Meta_Box_Table_Format {
 		?>
 		<div id="post-formats-select">
 			<?php foreach ( SP()->formats->table as $key => $format ): ?>
-				<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'standings' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
+				<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'standings' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
 			<?php endforeach; ?>
 		</div>
 		<?php
diff --git a/includes/admin/views/html-admin-config.php b/includes/admin/views/html-admin-config.php
index 25557956..f91e09fc 100644
--- a/includes/admin/views/html-admin-config.php
+++ b/includes/admin/views/html-admin-config.php
@@ -39,8 +39,8 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
 							<tr<?php if ( $i % 2 == 0 ) echo ' class="alternate"'; ?>>
 								<td class="row-title"><?php echo esc_attr( $row->post_title ); ?></td>
 								<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
-								<td><?php echo sp_get_post_abbreviation( $row->ID ); ?></td>
-								<td><?php echo sp_get_post_condition( $row->ID ); ?></td>
+								<td><?php echo esc_html( sp_get_post_abbreviation( $row->ID ) ); ?></td>
+								<td><?php echo esc_html( sp_get_post_condition( $row->ID ) ); ?></td>
 								<td><p class="description"><?php echo wp_kses_post( $row->post_excerpt ); ?></p></td>
 								<td class="edit"><a class="button" href="<?php echo get_edit_post_link( $row->ID ); ?>"><?php _e( 'Edit', 'sportspress' ); ?></s></td>
 							</tr>
@@ -216,8 +216,8 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
 									</td>
 									<td class="row-title"><?php echo esc_html( $row->post_title ); ?></td>
 									<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
-									<td><?php echo sp_get_post_section( $row->ID ); ?></td>
-									<td><?php echo sp_get_post_format( $row->ID ); ?></td>
+									<td><?php echo esc_html( sp_get_post_section( $row->ID ) ); ?></td>
+									<td><?php echo esc_html( sp_get_post_format( $row->ID ) ); ?></td>
 									<?php if ( 'auto' === $columns ) { ?>
 										<td>
 											<?php if ( $visible ) { ?><i class="dashicons dashicons-yes"></i><?php } else { ?>&nbsp;<?php } ?>