diff --git a/core/server/models/base/index.js b/core/server/models/base/index.js
index 36d603e281..0793197f31 100644
--- a/core/server/models/base/index.js
+++ b/core/server/models/base/index.js
@@ -932,6 +932,11 @@ ghostBookshelf.Model = ghostBookshelf.Model.extend({
 model.applyDefaultAndCustomFilters(options);
 }
 
+// Ensure only valid fields/columns are added to query
+if (options.columns) {
+options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
+}
+
 return model.fetch(options);
 },
 
diff --git a/core/server/models/user.js b/core/server/models/user.js
index f5f8fdec2f..ec5f05fd3a 100644
--- a/core/server/models/user.js
+++ b/core/server/models/user.js
@@ -384,6 +384,11 @@ User = ghostBookshelf.Model.extend({
 data = _.cloneDeep(dataToClone),
 lookupRole = data.role;
 
+// Ensure only valid fields/columns are added to query
+if (options.columns) {
+options.columns = _.intersection(options.columns, this.prototype.permittedAttributes());
+}
+
 delete data.role;
 data = _.defaults(data || {}, {
 status: 'all'
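Review bot: The whitelist silently narrows the request: when none of the requested names survive `_.intersection`, `options.columns` becomes `[]` and `model.fetch(options)` still runs, so a caller that asked for an unknown column gets a differently shaped result rather than a validation failure; the identical block in `core/server/models/user.js` has the same behaviour. Keeping the intersection in a local and comparing lengths makes the drop visible, e.g. `const permitted = _.intersection(options.columns, this.prototype.permittedAttributes());` followed by `if (permitted.length !== options.columns.length) { /* surface a validation error or log the rejected names */ }` and `options.columns = permitted;`. The `if (options.columns)` guard is also truthy for an empty array and for any non-array value; if `columns` can arrive as a plain string from the caller (inferred — the call sites are outside the hunk), `_.intersection` would likewise reduce it to `[]`. The enclosing method starts before this hunk.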
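Review bot: The five added lines in `core/server/models/user.js` are a verbatim copy of the block added to the base model in the first file, so the two whitelists will drift the next time one is touched. Since `User` extends `ghostBookshelf.Model`, the column filtering could live in a single helper on the base model that both `findOne` implementations call, with the override only adding its role-specific handling (whether the user override currently delegates to the base `findOne` is not visible in the hunk). The duplicated comment `// Ensure only valid fields/columns are added to query` would also be more useful as a why, e.g. `// Whitelist caller-supplied column names against the schema before they reach the query builder`. The enclosing method starts before this hunk.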