Vulnerability

Hello!

I just installed a worpress Site on my Client Domain,
After installing the site i installed a Filemanager Plugin, when i opened filemanager, it shows the exact path and from the settings the wordpress user can easily Navigate to the ROOT Directory of the SERVER,

I think this is very dangerous, any one can access to the root files and the server will go down, Correct me if i am wrong please.

Waiting for response