Applications utilizing the older XML-RPC extension to handle remote API requests are exposed to severe memory disclosure bugs.

Running legacy applications on PHP 5.6.40 poses immense enterprise security risks. Because it is unmaintained, newly discovered infrastructure flaws—such as the recent —can completely compromise servers running legacy PHP runtimes. Core Security Vulnerabilities in PHP 5.6.40

Take advantage of better error handling, typed properties, and modern syntax.

No security patches have been released since January 2019. Over 200+ known, unpatched vulnerabilities exist for PHP 5.6.x that affect version 5.6.40. Using it today is a severe security risk.

The U.S. government's repository of standards-based vulnerability management data. Search the NVD CVE Portal using the keyword "PHP" to view active listings.