One of the most important reasons for updating PHP is to ensure that you work on a version that is fully supported and regularly updated for security vulnerabilities. PHP 5.4 has not been fixed since 2015. And PHP 5.5 has not been fixed since 2016. The threats can be different: DoS, code execution, overflow, memory corruption, XSS, directory traversal, information traversal, and retrieval. Numerous old versions vulnerabilities become exposed every year and some of them will never be fixed.