You can submit a private security vulnerability report to User Switching via the Security tab on the GitHub repo. The GitHub Security Advisory process facilitates private collaboration on security issues. You'll receive credit for a valid report and a CVE if necessary.

Do not report security issues on the WordPress.org support forums or via email. Thank you.