Notepad++ (and many other Windows executables) was found vulnerable to loading a hacked DLL dependency on a compromised Windows system. Notepad++ itself contained no backdoor as far as I can tell.
This issue is explained here, as well as the actions taken to prevent it from happening again:
That is stretching the definition.
A privileged local attacker could (and can) modify Notepad++ and any other software, that is not a vulnerability or issue of any kind.