diff --git a/changelog b/changelog
index e1ea3fe2b68..606ad814b8a 100644
--- a/changelog
+++ b/changelog
@@ -65,6 +65,7 @@ Version 1.13.0+dev:
 * Made silence.ogg larger to work around a crash involving the multiplayer lobby with music and sound enabled (bug #23633, possibly also bug #23599, bug #23203, bug #23026).
+ * Disallowed inclusion of .pbl files from WML (bug #23504).
 
 Version 1.13.0:
 * Security fixes:
diff --git a/src/filesystem.cpp b/src/filesystem.cpp
index b76e07fe123..7d5adb60d78 100644
--- a/src/filesystem.cpp
+++ b/src/filesystem.cpp
@@ -1008,6 +1008,11 @@ std::string get_wml_location(const std::string &filename, const std::string &cur
 return result;
 }
 
+ if (ends_with(filename, ".pbl")) {
+ ERR_FS << "Illegal path '" << filename << "' (.pbl files are not allowed)." << std::endl;
+ return result;
+ }
+
 bool already_found = false;
 
 if (filename[0] == '~')
diff --git a/src/filesystem_boost.cpp b/src/filesystem_boost.cpp
index 9a8722eafa1..21b582159e1 100644
--- a/src/filesystem_boost.cpp
+++ b/src/filesystem_boost.cpp
@@ -1000,6 +1000,11 @@ static bool is_legal_file(const std::string &filename)
 return false;
 }
 
+ if (ends_with(filename, ".pbl")) {
+ ERR_FS << "Illegal path '" << filename << "' (.pbl files are not allowed)." << std::endl;
+ return false;
+ }
+
 return true;
 }
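Review bot: The suffix test `ends_with(filename, ".pbl")` added to get_wml_location is case-sensitive, so on a case-insensitive filesystem a name that differs from `.pbl` only in letter case would not match the check and could still resolve to the same file. The identical comparison is added to is_legal_file in the src/filesystem_boost.cpp hunk, so both places need the same change. Compare against a case-folded copy instead, e.g. `if (ends_with(lowercase(filename), ".pbl")) {`, where `lowercase` is a placeholder for whichever case-folding helper the project already provides (none is visible in this diff). A regression test covering mixed-case spellings of the extension would keep the rule from quietly weakening later. get_wml_location begins and ends outside the hunk.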
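Review bot: The .pbl rule is enforced at different layers in the two backends: here it sits in is_legal_file, while the src/filesystem.cpp hunk adds it inline to get_wml_location only, so any other path-resolving function in that file that does not go through get_wml_location would presumably skip it. Which functions call is_legal_file is not visible in this diff, so the size of that gap is an inference to confirm against the callers. Keeping the test in one helper that both backends call would keep them in step; at minimum add a comment above this block such as `// .pbl files must never be readable from WML (bug #23504); keep in sync with get_wml_location in filesystem.cpp.` is_legal_file starts outside the hunk.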