diff --git a/client-mu-plugins/goodbids/src/classes/Plugins/WooCommerce/Emails/Email.php b/client-mu-plugins/goodbids/src/classes/Plugins/WooCommerce/Emails/Email.php
index d1f598297..1beffee05 100644
--- a/client-mu-plugins/goodbids/src/classes/Plugins/WooCommerce/Emails/Email.php
+++ b/client-mu-plugins/goodbids/src/classes/Plugins/WooCommerce/Emails/Email.php
@@ -317,7 +317,7 @@ public function trigger( mixed $object = null, ?int $user_id = null ): void {
 		// Woohoo, send the email!
 		$this->send(
 			$this->get_recipient(),
-			$this->get_subject(),
+			goodbids()->utilities->sanitize_email_subject( $this->get_subject() ),
 			$this->get_content(),
 			$this->get_headers(),
 			$this->get_attachments()
@@ -439,9 +439,10 @@ private function default_placeholders(): void {
 		$this->add_placeholder( '{auctions_url}', get_post_type_archive_link( goodbids()->auctions->get_post_type() ) );
 
 		// Auction Details.
+		$auction_title = $auction?->get_title() ?: '';
 		$this->add_placeholder( '{auction.url}', $auction?->get_url() );
 		$this->add_placeholder( '{auction.admin_url}', get_edit_post_link( $auction?->get_id() ) );
-		$this->add_placeholder( '{auction.title}', $auction?->get_title() );
+		$this->add_placeholder( '{auction.title}', htmlspecialchars( $auction_title ) );
 		$this->add_placeholder( '{auction.start_date_time}', $auction?->get_start_date_time( $datetime_format ) );
 		$this->add_placeholder( '{auction.end_date_time}', $auction?->get_end_date_time( $datetime_format ) );
 
diff --git a/client-mu-plugins/goodbids/src/classes/Utilities/Utilities.php b/client-mu-plugins/goodbids/src/classes/Utilities/Utilities.php
index 58f0e381b..05a7220e1 100644
--- a/client-mu-plugins/goodbids/src/classes/Utilities/Utilities.php
+++ b/client-mu-plugins/goodbids/src/classes/Utilities/Utilities.php
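Review bot: The subject handed to `$this->send()` is now the output of `sanitize_email_subject()`, which per the Utilities.php hunk only decodes HTML entities, so the value reaching the mailer is less constrained than before, not more: numeric entities such as `&#10;` or `&#13;` in a title would decode back into CR/LF inside a header value. Whether that matters depends on what `send()` and the underlying mailer do with line breaks, which is not visible in this diff; stripping them in the helper removes the dependency, e.g. `return str_replace( [ "\r", "\n" ], '', html_entity_decode( $subject, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' ) );`. The helper's name also promises sanitizing while it un-escapes, which is easy to misread at this call site. trigger() starts and continues outside the hunk.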
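Review bot: `htmlspecialchars( $auction_title )` for the `{auction.title}` placeholder relies on default flags, which on PHP 8.0 are `ENT_COMPAT` (single quotes left unescaped) and only became `ENT_QUOTES | ENT_SUBSTITUTE` in 8.1; pass them explicitly, `htmlspecialchars( $auction_title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' )`, or use WordPress's `esc_html()`, which also avoids double-encoding titles that are already stored entity-encoded. Escaping inside the placeholder means the same encoded value feeds the subject as well as the body, which appears to be why the subject is decoded again in `trigger()`; escaping at the HTML render point instead would keep the subject path decode-free. Note that `?:` maps a title of `'0'` to `''`, where `?? ''` would only replace the null from a missing auction. The other `$auction?->` placeholders in this hunk (url, admin_url, dates) remain unescaped; whether they need it depends on the template context, which is not shown. default_placeholders() continues outside the hunk.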
@@ -242,4 +242,18 @@ public function network_get_current_blog_id(): int {
 		return intval( sanitize_text_field( $_GET['id'] ) ); // phpcs:ignore
 	}
+
+	/**
+	 * Sanitize Special Characters from Email Subject
+	 *
+	 * @since 1.0.1
+	 *
+	 * @param string $subject
+	 *
+	 * @return string
+	 */
+	public function sanitize_email_subject( string $subject ): string {
+		$subject = htmlspecialchars_decode( $subject );
+		return html_entity_decode( $subject );
+	}
 
 }
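Review bot: `htmlspecialchars_decode()` followed by `html_entity_decode()` is redundant, since the latter already decodes the five special entities, and both calls use default flags that on PHP 8.0 are `ENT_COMPAT` and so leave `&#039;` encoded; collapse to one call with explicit flags and charset, `return html_entity_decode( $subject, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8' );`. The docblock says "Sanitize Special Characters" but the method un-escapes rather than restricts its input, so document what it actually does, e.g. `Decode HTML entities in an email subject so escaped placeholder values read as literal text. The result is a plain-text header value and must not be rendered as HTML.` The `@param`/`@return` lines restate the native types and can be dropped or given a description. The header-safety aspect of decoding is raised on the Email.php hunk where the value is passed to send().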