A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to "infect" over 100 organizations by trojanizing a copy of the popular 'Dracula Official theme to include risky code. Further research into the VSCode Marketplace found thousands of extensions with millions of installs.
I think people often have a vaguely formed assumption that plugins are somehow sandboxed and less dangerous. But that all depends on the software hosting the plugin. There was a recent issue with a KDE theme wiping a user’s files which brought this to light. We can’t assume plugins or themes are any less dangerous than random executables.