diff --git a/src/wp-admin/includes/ajax-actions.php b/src/wp-admin/includes/ajax-actions.php
index 83b682634b..03919ec9ce 100644
--- a/src/wp-admin/includes/ajax-actions.php
+++ b/src/wp-admin/includes/ajax-actions.php
@@ -588,7 +588,7 @@ function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
  * @access private
  */
 function _wp_ajax_add_hierarchical_term() {
-	$action   = $_POST['action'];
+	$action   = isset( $_POST['action'] ) ? sanitize_text_field( $_POST['action'] ) : '';
 	$taxonomy = get_taxonomy( substr( $action, 4 ) );
 	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 
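Review bot: `get_taxonomy()` returns `false` for an unregistered name, and the new empty-string default on the `$action` line covers a missing `action` but not that lookup failure, so `$taxonomy->name` is still dereferenced inside the `check_ajax_referer()` call that follows. Adding `if ( ! $taxonomy ) { wp_die( -1 ); }` before the nonce check would make a missing or malformed `action` fail closed, rather than deriving the nonce field name from a non-object. The value is also sanitized while still slashed; `sanitize_text_field( wp_unslash( $_POST['action'] ) )` is the usual ordering. The body of `_wp_ajax_add_hierarchical_term()` continues outside this hunk.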
@@ -596,7 +596,7 @@ function _wp_ajax_add_hierarchical_term() {
 		wp_die( -1 );
 	}
 
-	$names  = explode( ',', $_POST[ 'new' . $taxonomy->name ] );
+	$names  = isset( $_POST[ 'new' . $taxonomy->name ] ) ? explode( ',', sanitize_text_field( $_POST[ 'new' . $taxonomy->name ] ) ) : array();
 	$parent = isset( $_POST[ 'new' . $taxonomy->name . '_parent' ] ) ? (int) $_POST[ 'new' . $taxonomy->name . '_parent' ] : 0;
 
 	if ( 0 > $parent ) {
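Review bot: The new `$names` line applies `sanitize_text_field()` to the whole comma-separated value before `explode()`, and nothing says that submitted term names are now altered silently (tags, line breaks and percent-encoded octets are stripped) rather than rejected. A short comment above the assignment would record that intent, for example `// Normalize the raw list once at the request boundary; names are still slashed at this point.` Unlike `$action`, adding `wp_unslash()` here is not obviously safe, because the code that consumes `$names` is outside this hunk and may expect slashed input, so that choice should be documented too. The statement is also long enough that splitting the `isset()` guard from the `explode()` call would make the empty-array fallback easier to see.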
@@ -606,10 +606,10 @@ function _wp_ajax_add_hierarchical_term() {
 	if ( 'category' === $taxonomy->name ) {
 		$post_category = isset( $_POST['post_category'] ) ? (array) $_POST['post_category'] : array();
 	} else {
-		$post_category = ( isset( $_POST['tax_input'] ) && isset( $_POST['tax_input'][ $taxonomy->name ] ) ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array();
+		$post_category = isset( $_POST['tax_input'][ $taxonomy->name ] ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array();
 	}
 
-	$checked_categories = array_map( 'absint', (array) $post_category );
+	$checked_categories = array_map( 'absint', $post_category );
 	$popular_ids        = wp_popular_terms_checklist( $taxonomy->name, 0, 10, false );
 
 	foreach ( $names as $cat_name ) {
