A low-privileged user could assign themselves or switch to any role with an equal or lesser user level, or any role that did not have an assigned user level. This could be done by sending a POST request to wp-admin/profile.php with typical profile update parameters and appending a aam_user_roles[] parameter set to the role they would like to use.
CPE | Name | Operator | Version |
---|---|---|---|
advanced-access-manager | lt | 6.6.2 |