The security issue is caused due to the distribution of a compromised phpMyAdmin source code package containing a backdoor. The vulnerability has been cataloged as being a critical one. It’s not the first time a widely used open-source project has been hit by a breach affecting the security of its many downstream users. In June of last year, WordPress required all account holders on WordPress.org to change their passwords following the discovery that hackers contaminated it with malicious software that can be hacked into the site.
Source: https://thehackernews.com/2012/09/backdoored-phpmyadmin-distributed-at.html