If you mean someone hacked or found a script on your site, then it is probably because these are both open source. Meaning, the code for all of wordpress and joomla are free to look at. So basically all core wordpress sites are exactly the same, with the same structure etc.