If a WP install is hacked, can it spread to other domains on a server?
Sorry to hear that.
WordPress security depends on a trust you have in plugins, themes, and the WordPress core itself.
If only a single PHP file is damaged, the whole web farm that runs WordPress can be damaged.
So the fair answer to your question is Yes.
In WordPress plugins and theme have the access privileges of the web server process that runs the web server.