diff --git a/src/wp-includes/pluggable.php b/src/wp-includes/pluggable.php
index 1e6b220f01..dc10c7f393 100644
--- a/src/wp-includes/pluggable.php
+++ b/src/wp-includes/pluggable.php
@@ -1080,6 +1080,10 @@ if ( !function_exists('check_ajax_referer') ) :
  * 0-12 hours ago, 2 if the nonce is valid and generated between 12-24 hours ago.
  */
 function check_ajax_referer( $action = -1, $query_arg = false, $die = true ) {
+	if ( -1 == $action ) {
+		_doing_it_wrong( __FUNCTION__, __( 'You should specify a nonce action to be verified by using the first parameter.' ), '4.7' );
+	}
+
 	$nonce = '';
 
 	if ( $query_arg && isset( $_REQUEST[ $query_arg ] ) )
diff --git a/tests/phpunit/tests/auth.php b/tests/phpunit/tests/auth.php
index 94d77388f1..581e856f64 100644
--- a/tests/phpunit/tests/auth.php
+++ b/tests/phpunit/tests/auth.php
@@ -149,6 +149,34 @@ class Tests_Auth extends WP_UnitTestCase {
 		$this->assertEquals( $count, did_action( $this->nonce_failure_hook ) );
 	}
 
+	/**
+	 * @ticket 36361
+	 */
+	public function test_check_admin_referer_with_no_action_triggers_doing_it_wrong() {
+		$this->setExpectedIncorrectUsage( 'check_admin_referer' );
+
+		// A valid nonce needs to be set so the check doesn't die()
+		$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+		$result = check_admin_referer();
+		$this->assertSame( 1, $result );
+
+		unset( $_REQUEST['_wpnonce'] );
+	}
+
+	/**
+	 * @ticket 36361
+	 */
+	public function test_check_ajax_referer_with_no_action_triggers_doing_it_wrong() {
+		$this->setExpectedIncorrectUsage( 'check_ajax_referer' );
+
+		// A valid nonce needs to be set so the check doesn't die()
+		$_REQUEST['_wpnonce'] = wp_create_nonce( -1 );
+		$result = check_ajax_referer();
+		$this->assertSame( 1, $result );
+
+		unset( $_REQUEST['_wpnonce'] );
+	}
 	function test_password_length_limit() {
 		$limit = str_repeat( 'a', 4096 );
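Review bot: The new guard at the top of check_ajax_referer() only raises a `_doing_it_wrong()` notice and then falls through to the normal verification (`$nonce = ''` and the `$query_arg` lookup that follow), so a nonce minted with the default `-1` action is still accepted, and the block carries no comment explaining why that matters. The tests added in the same commit show the security point: a single `wp_create_nonce( -1 )` value placed in `$_REQUEST['_wpnonce']` satisfies both `check_admin_referer()` and `check_ajax_referer()` called without an action, i.e. an action-less nonce is not bound to any particular operation. I would add above the `if`: `// A nonce created with the default -1 action is not tied to any specific operation, so one such nonce passes every action-less check_*_referer() call; callers must pass a real action.` Note also that `-1 == $action` is a loose comparison that additionally matches `true` and, on PHP 7, leading-numeric strings such as `'-1x'`; if only the literal default is meant, `-1 === $action` is more precise (a string `'-1'` presumably yields the same nonce, so flagging it too may be intentional). The function's docblock begins before this hunk and its body continues after it; a `@since 4.7.0` line noting the new notice belongs in that docblock.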