diff --git a/administrator/components/com_plugins/Field/PluginorderingField.php b/administrator/components/com_plugins/Field/PluginorderingField.php
index 53453551b6913..8826f2bb288c1 100644
--- a/administrator/components/com_plugins/Field/PluginorderingField.php
+++ b/administrator/components/com_plugins/Field/PluginorderingField.php
@@ -53,8 +53,10 @@ protected function getQuery()
 )
 )
 ->from($db->quoteName('#__extensions'))
- ->where('(type =' . $db->quote('plugin') . 'AND folder=' . $db->quote($folder) . ')')
- ->order('ordering');
+ ->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
+ ->where($db->quoteName('folder') . ' = :folder')
+ ->order($db->quoteName('ordering'))
+ ->bind(':folder', $folder);
 
 return $query;
 }
diff --git a/administrator/components/com_plugins/Model/PluginModel.php b/administrator/components/com_plugins/Model/PluginModel.php
index 1ba500651ab72..5f7582e0ed738 100644
--- a/administrator/components/com_plugins/Model/PluginModel.php
+++ b/administrator/components/com_plugins/Model/PluginModel.php
@@ -260,7 +260,8 @@ protected function preprocessForm(Form $form, $data, $group = 'content')
 ->select($db->quoteName('element'))
 ->from($db->quoteName('#__extensions'))
 ->where($db->quoteName('type') . ' = ' . $db->quote('plugin'))
- ->where($db->quoteName('folder') . ' = ' . $db->quote($folder));
+ ->where($db->quoteName('folder') . ' = :folder')
+ ->bind(':folder', $folder);
 
 $db->setQuery($query);
 $elements = $db->loadColumn();
diff --git a/administrator/components/com_plugins/Model/PluginsModel.php b/administrator/components/com_plugins/Model/PluginsModel.php
index b81ea0751339d..0b08a2e6fde6e 100644
--- a/administrator/components/com_plugins/Model/PluginsModel.php
+++ b/administrator/components/com_plugins/Model/PluginsModel.php
@@ -15,6 +15,7 @@
 use Joomla\CMS\Language\Text;
 use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
 use Joomla\CMS\MVC\Model\ListModel;
+use Joomla\Database\ParameterType;
 use Joomla\Utilities\ArrayHelper;
 
 /**
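Review bot: `->bind(':folder', $folder)` on the last added line stores a reference to `$folder`, and the value is only read when the statement is executed, so `$folder` must not be reassigned between this bind and `return $query;`; nothing in the hunk does so, but the contract deserves a comment such as `// bind() holds $folder by reference; do not reassign it after this point`. The body of `getQuery()` starts outside the hunk, so where `$folder` is assigned is not visible here. The `type` comparison still concatenates `$db->quote('plugin')` while `folder` is bound — harmless for a literal, but binding both would make the chain uniform with the PluginsModel hunks. The PluginModel::preprocessForm hunk uses the same by-reference bind, though there the query is executed immediately by `$db->setQuery($query)` and `loadColumn()`, so the caveat does not apply.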
@@ -230,7 +231,9 @@ protected function getListQuery()
 // Filter by access level.
 if ($access = $this->getState('filter.access'))
 {
- $query->where('a.access = ' . (int) $access);
+ $access = (int) $access;
+ $query->where($db->quoteName('a.access') . ' = :access')
+ ->bind(':access', $access, ParameterType::INTEGER);
 }
 
 // Filter by published state.
@@ -238,11 +241,13 @@ protected function getListQuery()
 
 if (is_numeric($published))
 {
- $query->where('a.enabled = ' . (int) $published);
+ $published = (int) $published;
+ $query->where($db->quoteName('a.enabled') . ' = :published')
+ ->bind(':published', $published, ParameterType::INTEGER);
 }
 elseif ($published === '')
 {
- $query->where('(a.enabled IN (0, 1))');
+ $query->whereIn($db->quoteName('a.enabled'), [0, 1]);
 }
 
 // Filter by state.
@@ -251,13 +256,15 @@ protected function getListQuery()
 // Filter by folder.
 if ($folder = $this->getState('filter.folder'))
 {
- $query->where('a.folder = ' . $db->quote($folder));
+ $query->where($db->quoteName('a.folder') . ' = :folder')
+ ->bind(':folder', $folder);
 }
 
 // Filter by element.
 if ($element = $this->getState('filter.element'))
 {
- $query->where('a.element = ' . $db->quote($element));
+ $query->where($db->quoteName('a.element') . ' = :element')
+ ->bind(':element', $element);
 }
 
 // Filter by search in name or id.
@@ -267,7 +274,9 @@ protected function getListQuery()
 {
 if (stripos($search, 'id:') === 0)
 {
- $query->where('a.extension_id = ' . (int) substr($search, 3));
+ $ids = (int) substr($search, 3);
+ $query->where($db->quoteName('a.extension_id') . ' = :id');
+ $query->bind(':id', $ids, ParameterType::INTEGER);
 }
 }
 
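Review bot: The standalone `$access = (int) $access;` added before `->bind(':access', ...)` looks redundant next to the old inline cast, but it is required because `bind()` takes its value by reference and cannot accept an expression; a one-line comment would stop a future cleanup from folding it back, e.g. `// bind() needs a variable: it holds its argument by reference`. The same pattern appears in the `$published` hunk (-238) and the `$ids` hunk (-267). `getListQuery()` continues outside these hunks, and any later reassignment of `$access` or `$published` before the query is run would change the bound value.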
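Review bot: `$ids` on the first added line of the -267 hunk holds a single cast integer, so the plural name misreads, and the `where()`/`bind()` pair is written as two statements where the other hunks in this function chain them; `$extensionId = (int) substr($search, 3);` followed by `$query->where($db->quoteName('a.extension_id') . ' = :id')->bind(':id', $extensionId, ParameterType::INTEGER);` would match the surrounding style. Placeholder names belong to the whole query, so `:id` must stay unique across all of `getListQuery()`, including the "Filter by state." block between the -238 and -251 hunks that is not visible here. The enclosing `if (!empty($search))` block and the function continue outside the hunk.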