[Lesson 8] Disable Directory Listing On WordPress Site

Directory browsing is when a visitor can browse a website's files and folders and the server displays them. This happens because the web server that hosts your site can display not only web pages but also the contents of your web directories and other files. It occurs when there is no index file (index.html, index.php, etc.) in the directory.

When a browser sends a request to access a web page, it is the web server that processes that request. A web server can be configured to prioritize which web pages to display whenever it receives such requests.

Typically, the index file ("index.html" or "index.php") is the first file the web server serves when a browser sends a request. However, in the absence of an index file, the web server displays the entire contents of the directory that the browser requested. This means all the files and folders inside the directory are on display!

Directory browsing would also enable an attacker to view the critical and confidential contents of restricted files in the directory, and even the hierarchy of these files, which would give the attacker crucial insights into the configuration of the website. All of this would aid the attacker in finding the vulnerabilities in your site (WordPress plugins, themes, core, etc.) if the directory that contains these files has directory browsing enabled by default.
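
As an added example (not part of the original lesson), the following Python script walks a site's document root and reports every directory that has no index file, which are the directories whose contents the server would display if directory browsing is enabled. The function names and the sample tree are constructed for illustration, and the two index file names are the ones mentioned above; a real server's index list comes from its own configuration.

```python
import os
import tempfile

# Index file names taken from the lesson text (assumption: the server uses these two).
INDEX_NAMES = ("index.html", "index.php")

def find_listable_dirs(root, index_names=INDEX_NAMES):
    """Return {relative_dir: [entries]} for each directory under root with no index file.

    The entries are what a visitor would see if the server listed that directory."""
    wanted = set(index_names)
    exposed = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        if not wanted.intersection(filenames):
            rel = os.path.relpath(dirpath, root)
            exposed[rel] = sorted(dirnames + filenames)
    return exposed

def build_sample_tree(root):
    """Create a constructed layout resembling a WordPress install (not real data)."""
    files = [
        "index.php",
        "wp-content/index.php",
        "wp-content/plugins/index.php",
        "wp-content/plugins/example-plugin/readme.txt",
        "wp-content/uploads/2024/backup.sql",
    ]
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("")

def audit_sample():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_listable_dirs(root)

if __name__ == "__main__":
    for rel, entries in audit_sample().items():
        print(f"{rel}: no index file, would list {entries}")
```

To audit a real site, call `find_listable_dirs()` with the path to its document root instead of the temporary sample tree.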

