A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users.
https://twitter.com/NinadMishra5/status/1350077938176151558
http://packetstormsecurity.com/files/161048/Anchor-CMS-0.12.7-Cross-Site-Request-Forgery.html