diff --git a/wp-admin/users.php b/wp-admin/users.php
index bf6b3a4dc0..fb552144a6 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -111,9 +111,11 @@ case 'promote':
 }
 if ('up' == $prom) {
- $sql="UPDATE $tableusers SET user_level=user_level+1 WHERE ID = $id";
+ $new_level = $usertopromote_level + 1;
+ $sql="UPDATE $tableusers SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
 } elseif ('down' == $prom) {
- $sql="UPDATE $tableusers SET user_level=user_level-1 WHERE ID = $id";
+ $new_level = $usertopromote_level - 1;
+ $sql="UPDATE $tableusers SET user_level=$new_level WHERE ID = $id AND $new_level < $user_level";
 }
 $result = $wpdb->query($sql);
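Review bot: The privilege check added to both `$sql` strings is left to the database as a comparison of two interpolated PHP values (`$new_level < $user_level`), so a refused change silently updates zero rows, and the statement is only well-formed when `$id`, `$new_level` and `$user_level` are all numeric. Where those variables are assigned is outside the hunk (the `case 'promote':` block starts and ends beyond it); if `$id` is taken from the request, it reaches the query unquoted. I would decide in PHP before building the query and cast what gets interpolated, e.g. `$id = (int) $id; $new_level = (int) $usertopromote_level + 1;`, then reject the request explicitly when `$new_level >= (int) $user_level` instead of encoding that in the `WHERE` clause. The 'down' branch also has no lower bound, so a level-0 account would be written as -1 unless an earlier check outside the hunk prevents it. Because the new value is computed from a previously read `$usertopromote_level` rather than `user_level+1` in SQL, two concurrent requests can overwrite each other; adding `AND user_level = $usertopromote_level` to the `WHERE` clause would make the update conditional on the value that was checked.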