diff --git a/src/wp-includes/functions.php b/src/wp-includes/functions.php
index 67089803bb..3183739378 100644
--- a/src/wp-includes/functions.php
+++ b/src/wp-includes/functions.php
@@ -1196,6 +1196,10 @@ function add_query_arg( ...$args ) {
 /**
  * Removes an item or items from a query string.
  *
+ * Important: The return value of remove_query_arg() is not escaped by default. Output should be
+ * late-escaped with esc_url() or similar to help prevent vulnerability to cross-site scripting
+ * (XSS) attacks.
+ *
  * @since 1.5.0
  *
  * @param string|string[] $key Query key or keys to remove.
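Review bot: The added docblock paragraph names esc_url() "or similar" but does not say that the escaper depends on the output context, which is the point a caller most often gets wrong with this function. remove_query_arg() builds URLs that end up both in HTML attributes and in non-display sinks such as redirect targets, so the second added line would be more useful as `* late-escaped for its context, e.g. esc_url() for HTML output or esc_url_raw() for non-display use,` followed by the existing XSS sentence. The paragraph also reads better with the "@see esc_url()" reference tags placed in the tag section below @since rather than inline. The signature and body of remove_query_arg() lie outside this hunk, and the hunk header suggests add_query_arg() sits directly above it; if that function's docblock does not already carry the same caveat, it presumably should, since the two are used interchangeably.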