A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Offenders include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, and others.