diff --git a/includes/core/class-form.php b/includes/core/class-form.php
index 65389f6c..ed224c4d 100644
--- a/includes/core/class-form.php
+++ b/includes/core/class-form.php
@@ -374,11 +374,36 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 $this->post_form = array_merge( $this->form_data, $this->post_form );
+ // Remove role from post_form at first if role ! empty and there aren't custom fields with role name
+ if ( ! empty( $_POST['role'] ) ) {
+ if ( ! isset( $this->form_data['custom_fields'] ) || ! strstr( $this->form_data['custom_fields'], 'role_' ) ) {
+ unset( $this->post_form['role'] );
+ unset( $this->post_form['submitted']['role'] );
+ }
+ }
+
+ // Secure sanitize of the submitted data
+ if ( ! empty( $this->post_form ) ) {
+ $this->post_form = array_diff_key( $this->post_form, array_flip( UM()->user()->banned_keys ) );
+ }
+ if ( ! empty( $this->post_form['submitted'] ) ) {
+ $this->post_form['submitted'] = array_diff_key( $this->post_form['submitted'], array_flip( UM()->user()->banned_keys ) );
+ }
+
+ // set default role from settings on registration form
+ if ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
+
+ $role = $this->assigned_role( $this->form_id );
+ $this->post_form['role'] = $role;
+
+ }
+
 if ( isset( $this->form_data['custom_fields'] ) && strstr( $this->form_data['custom_fields'], 'role_' ) ) {
 // Secure selected role
- $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
- if ( ! empty( $_POST['role'] ) ) {
+
+ $custom_field_roles = $this->custom_field_roles( $this->form_data['custom_fields'] );
+ if ( ! empty( $custom_field_roles ) ) {
 $role = $_POST['role'];
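Review bot: The new guard `if ( ! empty( $custom_field_roles ) )` drops the presence test on `$_POST['role']` that the removed line had, so the context line `$role = $_POST['role'];` now executes for any form whose custom fields include a role field even when no role was posted, emitting an undefined-index notice and passing `null` into whatever validation follows outside this hunk; keep both conditions, `if ( ! empty( $custom_field_roles ) && ! empty( $_POST['role'] ) ) {`, or read it as `$role = isset( $_POST['role'] ) ? $_POST['role'] : '';`. The `array_diff_key( …, array_flip( UM()->user()->banned_keys ) )` filter is an exact-key denylist applied to the top level of `$this->post_form` and to `$this->post_form['submitted']` only, which the `// Secure sanitize of the submitted data` comment oversells; a comment such as `// Denylist filter: strips keys listed in User::$banned_keys from post_form and post_form['submitted'] (top level only); any new protected meta key must be added there` states the actual contract. `strstr( …, 'role_' )` is a substring test used twice here as a boolean; `false !== strpos( …, 'role_' )` says that intent more plainly and the same pattern recurs in the next hunk. The enclosing method starts before and continues past this hunk.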
@@ -402,15 +427,15 @@ if ( ! class_exists( 'um\core\Form' ) ) {
 } else {
 unset( $this->post_form['role'] );
 unset( $this->post_form['submitted']['role'] );
+
+ // set default role for registration form if custom field hasn't proper value
+ if ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
+ $role = $this->assigned_role( $this->form_id );
+ $this->post_form['role'] = $role;
+ }
 }
 }
- } elseif ( isset( $this->post_form['mode'] ) && $this->post_form['mode'] == 'register' ) {
-
- $role = $this->assigned_role( $this->form_id );
- $this->post_form['role'] = $role;
- //fix for social login
- //$this->post_form['submitted']['role'] = $role;
 }
 if ( isset( $_POST[ UM()->honeypot ] ) && $_POST[ UM()->honeypot ] != '' ) {
diff --git a/includes/core/class-user.php b/includes/core/class-user.php
index b6bbdcbf..e882e4f2 100644
--- a/includes/core/class-user.php
+++ b/includes/core/class-user.php
@@ -345,7 +345,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 return;
 }
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
 if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
 UM()->roles()->set_role( $user_id, $_POST['um-role'] );
 }
@@ -366,7 +366,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 return;
 }
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
 if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
 UM()->roles()->set_role( $user_id, $_POST['um-role'] );
 }
@@ -589,7 +589,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 if ( is_admin() ) {
 //if there custom 2 role not empty
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
 $user = get_userdata( $user_id );
 $user->add_role( $_POST['um-role'] );
 UM()->user()->profile['role'] = $_POST['um-role'];
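Review bot: The default-role fallback added inside the `else` branch repeats the `assigned_role()` assignment that the previous hunk already makes before the custom-field check runs, so the `unset( $this->post_form['role'] )` directly above discards a value that is then recomputed; a private helper such as `set_default_role()` called from both places, or skipping the `unset` when `mode` is `register`, keeps a single source of truth for what the registration role is. `$this->post_form['mode'] == 'register'` is a loose comparison against a string; `=== 'register'` matches the intent and is consistent with the strictness the rest of this change is after. The enclosing method starts and ends outside this hunk.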
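Review bot: `current_user_can( 'promote_users' )` now gates the branch, but `$_POST['um-role']` is still handed raw to `user_can()` and `UM()->roles()->set_role()` with no sanitisation, no check that the value is a role the current user may assign, and no nonce verification visible in the hunk; the identical condition appears in the hunks at -366 and -589 in this file and at -639 on the following line, so the same remark applies there. A WordPress-native tightening is to normalise and allow-list the slug before use, e.g. `$role = sanitize_key( $_POST['um-role'] );` followed by `if ( $role && array_key_exists( $role, get_editable_roles() ) && current_user_can( 'promote_users' ) ) {` (`get_editable_roles()` is loaded with the admin user functions, so confirm it is available where -345 and -366 run), and to confirm the caller has already verified the request nonce. A one-line comment above each guard naming the threat it addresses, `// Role changes require promote_users: prevents a lower-privileged submitter from self-assigning a role via um-role`, would keep the four copies from being loosened independently later. The enclosing methods start and end outside these hunks.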
@@ -639,7 +639,7 @@ if ( ! class_exists( 'um\core\User' ) ) {
 $new_roles = $userdata->roles;
 if ( is_admin() ) {
- if ( ! empty( $_POST['um-role'] ) ) {
+ if ( ! empty( $_POST['um-role'] ) && current_user_can( 'promote_users' ) ) {
 $new_roles = array_merge( $new_roles, array( $_POST['um-role'] ) );
 if ( ! user_can( $user_id, $_POST['um-role'] ) ) {
 UM()->roles()->set_role( $user_id, $_POST['um-role'] );
diff --git a/ultimate-member.php b/ultimate-member.php
index 6961a1b9..dbf4870b 100644
--- a/ultimate-member.php
+++ b/ultimate-member.php
@@ -3,7 +3,7 @@
 Plugin Name: Ultimate Member
 Plugin URI: http://ultimatemember.com/
 Description: The easiest way to create powerful online communities and beautiful user profiles with WordPress
-Version: 2.1.11
+Version: 2.1.12-rc.1
 Author: Ultimate Member
 Author URI: http://ultimatemember.com/
 Text Domain: ultimate-member