Just thought I'd pull this question out of my last email to give it more visibility: are most privilege escalation attacks designed so the user changes their roles/capabilities in the database, or is it more that they trick WP into ignoring the lower capabilities? Thanks, Dan