I suppose you could call the plugins’s user controller like so:
await strapi.controller("plugin::users-permissions.user").create(...)
await strapi.controller("plugin::users-permissions.user").update(...)
await strapi.controller("plugin::users-permissions.user").find(...)
await strapi.controller("plugin::users-permissions.user").findOne(...)
await strapi.controller("plugin::users-permissions.user").destroy(...)
Not sure how well this will play with authorization. Another option would be calling the plugin’s user service:
await strapi.service("plugin::users-permissions.user").add(...)
await strapi.service("plugin::users-permissions.user").fetch(...)
await strapi.service("plugin::users-permissions.user").remove(...)
Just beware that calling the service directly will circumvent bunch of validations that are done within the controller. See the controller implementation for details.