This is an easy fix by simply using $_REQUEST
instead of $_GET
in your hidden field for register_form
. More importantly, you should be sanitizing the field before you echo it, otherwise you’re wide open to injection and CSRF:
<?php if ( isset( $_REQUEST['role'] ) ) echo esc_attr( $_REQUEST['role'] ) ?>