Dear virtuemart development team,
We have found a bug in VM 2.9.6.
administrator/components/com_virtuemart/tables/userinfos.php: 103
The check to see if a user is admin misses an exclamation mark.
Old: $user->authorise('core.admin','com_virtuemart')
New: !$user->authorise('core.admin','com_virtuemart')
So if a user is not an admin check to see if the user id's matches so the user can be updated and otherwise report as "hacking attempt"
Thanks, was already fixed ( dont know how long ago)
time to upload the new version.