diff --git wp-includes/bookmark.php wp-includes/bookmark.php
index ab4b8c8..c987f9c 100644
--- wp-includes/bookmark.php
+++ wp-includes/bookmark.php
@@ -186,7 +186,7 @@ function get_bookmarks($args = '') {
 	}
 
 	if ( ! empty($search) ) {
-		$search = like_escape($search);
+		$search = esc_sql( like_escape( stripslashes( $search ) ) );
 		$search = " AND ( (link_url LIKE '%$search%') OR (link_name LIKE '%$search%') OR (link_description LIKE '%$search%') ) ";
 	}
 
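Review bot: The unconditional `stripslashes()` on the new line assumes `$search` always arrives slashed, which nothing in the hunk shows; a caller passing already-unslashed text would silently lose literal backslashes before escaping. State the expectation above the line, e.g. `// $search is expected slashed (request-style data); unslash before LIKE-escaping`, or unslash once where `$args` is parsed. The get_terms() hunk in wp-includes/taxonomy.php makes the same assumption. Because the value is interpolated into the query string on the next line rather than bound, `esc_sql()` is the only SQL escaping it receives and must remain the outermost call. get_bookmarks() starts and ends outside the hunk.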
diff --git wp-includes/formatting.php wp-includes/formatting.php
index 83f5269..3d84c5d 100644
--- wp-includes/formatting.php
+++ wp-includes/formatting.php
@@ -2746,11 +2746,11 @@ function tag_escape($tag_name) {
  *
  * @since 2.5.0
  *
- * @param string $text The text to be escaped.
- * @return string text, safe for inclusion in LIKE query.
+ * @param string $text The text to be escaped (expected unslashed).
+ * @return string text, NOT safe for inclusion in LIKE query (needs an additional esc_sql()).
  */
-function like_escape($text) {
-	return str_replace(array("%", "_"), array("\\%", "\\_"), $text);
+function like_escape( $text ) {
+	return addcslashes( $text, '_%\\' );
 }
 
 /**
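Review bot: `like_escape()` keeps its name but changes its contract: it now also escapes backslashes and expects unslashed input, so a caller not updated in this diff that still passes slashed text would get its slashes doubled and a different LIKE pattern. The reworded `@return` line is also easy to misread as "unsafe to use"; consider ` * @return string Text with LIKE wildcards escaped; must still pass through esc_sql() or $wpdb->prepare() before use in a query.` The docblock should also say that the surrounding `%` wildcards are added after this call, and callers outside this diff are worth auditing.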
diff --git wp-includes/taxonomy.php wp-includes/taxonomy.php
index d527ee1..f1c51e3 100644
--- wp-includes/taxonomy.php
+++ wp-includes/taxonomy.php
@@ -1356,7 +1356,7 @@ function get_terms($taxonomies, $args = '') {
 	}
 
 	if ( !empty($search) ) {
-		$search = like_escape($search);
+		$search = esc_sql( like_escape( stripslashes( $search ) ) );
 		$where .= $wpdb->prepare( " AND (t.name LIKE %s)", '%' . $search . '%');
 	}
 
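Review bot: The added `esc_sql()` double-escapes here, because the value is then bound through `$wpdb->prepare()` with `%s` on the following line, and prepare() escapes its arguments itself. The backslash that `like_escape()` puts in front of `%` and `_` is escaped a second time, so once MySQL parses the literal the pattern holds a literal backslash followed by a live wildcard, and searches containing `%`, `_`, quotes or backslashes match the wrong rows. Drop the extra call and let prepare() do the SQL escaping: `$search = like_escape( stripslashes( $search ) );`. get_terms() starts and ends outside the hunk.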
