A quarter of major CMSs use outdated MD5 as the default password hashing scheme

Offenders include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB, SugarCRM, and others.

source Latest blogs for ZDNet https://zd.net/2WNAmoD