diff --git a/badges/related_action.php b/badges/related_action.php
index 8011aed57d5b3..28d8d9d6ee41b 100644
--- a/badges/related_action.php
+++ b/badges/related_action.php
@@ -36,6 +36,7 @@
 require_capability('moodle/badges:configuredetails', $context);
 
 if ($action == 'remove') {
+    require_sesskey();
     $badge->delete_related_badge($relatedid);
 }
 
diff --git a/badges/renderer.php b/badges/renderer.php
index 81b733024d466..2d0616259f4fa 100644
--- a/badges/renderer.php
+++ b/badges/renderer.php
@@ -1104,13 +1104,13 @@ protected function render_badge_related(\core_badges\output\badge_related $relat
             );
             if (!$currentbadge->is_active() && !$currentbadge->is_locked()) {
                 $action = $this->output->action_icon(
-                    new moodle_url('related_action.php',
-                        array(
-                            'badgeid' => $related->currentbadgeid,
-                            'relatedid' => $badge->id,
-                            'action' => 'remove'
-                        )
-                    ), new pix_icon('t/delete', get_string('delete')));
+                    new moodle_url('/badges/related_action.php', [
+                        'badgeid' => $related->currentbadgeid,
+                        'relatedid' => $badge->id,
+                        'sesskey' => sesskey(),
+                        'action' => 'remove'
+                    ]),
+                    new pix_icon('t/delete', get_string('delete')));
                 $actions = html_writer::tag('div', $action, array('class' => 'badge-actions'));
                 array_push($row, $actions);
             }