Open
Description
Hello,
I'm writing to check if the maintainer is aware that someone created a CVE for the passprompt plugin: https://nvd.nist.gov/vuln/detail/CVE-2024-58250.
The CVE only points to the removal of the feature as the fix and is classified as Untrusted Search Path.
MITRE also rated it as a critical CVE.
Given the lack of details on what the CVE is exactly about, plus the history of random people creating CVEs without the upstream developers knowing about it[0], I'm checking if you're aware of this.
Feel free to resolve this issue whenever you see fit.
NOTE: This is a public CVE, there's nothing sensitive in this message.
[0] https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/