Security question about server root access by wordpress admin

I have a security question. I gave the WordPress admin access to someone for a series of changes. Could he use the shell or any other way to infiltrate the server and access other hosts on server?