The victim's email client decrypts the email and loads any external content, thus exfiltrating the plaintext to the attacker.

This is the part that makes this much less serious. I would hope that anyone capable enough to use PGP to begin with would also know not to have their client pull in anything external. I'm gradually moving to Protonmail as my e-mail provider, and it defaults to not downloading any external images (a setting that I have, needless to say, left alone).