diff --git a/modules/ppcp-settings/src/Service/GatewayRedirectService.php b/modules/ppcp-settings/src/Service/GatewayRedirectService.php
index fa312fceb..c63ee896a 100644
--- a/modules/ppcp-settings/src/Service/GatewayRedirectService.php
+++ b/modules/ppcp-settings/src/Service/GatewayRedirectService.php
@@ -85,9 +85,9 @@ class GatewayRedirectService {
 // Get current URL parameters.
 // phpcs:disable WordPress.Security.NonceVerification.Recommended
- $page = isset( $_GET['page'] ) ? sanitize_text_field( wp_unslash( $_GET['page'] ) ) : '';
- $tab = isset( $_GET['tab'] ) ? sanitize_text_field( wp_unslash( $_GET['tab'] ) ) : '';
- $section = isset( $_GET['section'] ) ? sanitize_text_field( wp_unslash( $_GET['section'] ) ) : '';
+ $page = isset( $_GET['page'] ) ? $this->sanitize_get_param( $_GET['page'] ) : '';
+ $tab = isset( $_GET['tab'] ) ? $this->sanitize_get_param( $_GET['tab'] ) : '';
+ $section = isset( $_GET['section'] ) ? $this->sanitize_get_param( $_GET['section'] ) : '';
 // phpcs:enable WordPress.Security.NonceVerification.Recommended
 // Check if we're on a WooCommerce settings page and checkout tab.
@@ -108,4 +108,17 @@ class GatewayRedirectService {
 exit;
 }
 }
+
+ /**
+ * Sanitizes a GET parameter that could be string or array.
+ *
+ * @param mixed $param The parameter to sanitize.
+ * @return string The sanitized parameter.
+ */
+ private function sanitize_get_param( $param ): string {
+ if ( is_array( $param ) ) {
+ return '';
+ }
+ return sanitize_text_field( wp_unslash( $param ) );
+ }
 }
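Review bot: `sanitize_get_param` in the second hunk fails closed only for arrays; narrowing the guard to `if ( ! is_string( $param ) ) { return ''; }` rejects every non-string value the same way and matches the declared `: string` return, so a future caller handing it something other than a `$_GET` entry can never reach `sanitize_text_field()` with an unexpected type. The docblock should also state the contract the three call sites in the first hunk rely on: an array value is treated as absent (empty string) rather than sanitized, and since `$page`/`$tab`/`$section` are only compared against expected settings-page names, an empty string simply means no redirect is issued. Suggested wording: `@param string|array $param Raw value taken from $_GET.` in place of `mixed`, and `@return string Sanitized value, or '' when the input is not a string (e.g. a page[]= query).` The method that owns the first hunk's lines starts and ends outside that hunk.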