Can a wordpress exploit give root access to a server?

I had a blog based on wordpress, v 3.1开发者_Python百科.2, the problem is the hosting company tells me a exploit gave access to hackers so they erased my files and databases, but also i found on pastebin the usernames and passwords to my parallels control panel(not the one of wordpress) and my password. See for yourself, available now only on cache:

http://webcache.googleusercontent.com/search?q=cache:QUq4z1nKabgJ:pastebin.com/n8gunbQx+invacib+pastebin&cd=1&hl=en&ct=clnk&client=ubuntu&source=www.google.com

The main question, getting those users/passwords can it be the hosting fault??? not associated with wordpress??

Yes it is the hosting company's fault. A hacker might have downloaded a database backup made by the hosting company of their clients info and shared these info in public.

A wordpress exploit, at worst, can only give the access the php has. If php has root access its the hosting fault for giving it root access.

What hosting company says you're out of date WP caused parallels to be hacked? Do you happen to know the version of parallels they're using? It is possible that the hacker put in a keylogger in WordPress and logged you typing in your parallel password. It is also quite possible if it is the host that I am thinking of that the passwords were easy to get. Of course, it is also quite possible that they got your passwords via a dictionary attack, especially if you used the same password and username or email on another site that was hacked.