The BuddyPress WooCommerce My Account Integration plugin for WordPress allows users to create WooCommerce Member Pages. However, it has a vulnerability that could allow unauthorized access. This is because it lacks a check for capabilities on the wc4bp_delete_page() function. This vulnerability exists in all versions up to and including 3.4.25. As a result, attackers who are logged in and have Subscriber-level access or higher can make changes to the plugin’s page setting.