A vulnerability was found in saadiqbal User Management Plugin up to 1.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the component User Management. Such manipulation leads to authorization bypass.

This vulnerability is uniquely identified as CVE-2026-12097. The attack can be launched remotely. No exploit exists.