It depends on the plugin.
The rule of thumb is that it is a bad sign when a plugin is not being updated, but is it “dangerous” depends on the complexity of the plugin. For example I have a small plugin which is probably 10 lines of code and will never become “dangerous” because of what it does and how it works even if it will not be updated for 5 years.
The main “danger” is usually that it will not work well with newer wordpress versions, but you will probably discover this very fast.
But security wise, if a code was secure at the time it was released, it is not very likely to become less secure with time. The biggest problem is that there might have been a security issue with the plugin but there is no one to fix it.
The rule of thumb should be that If you use an unmaintained plugin you need to be able to maintain it yourself. If you don’t have the skill, then just don’t use it, the is risk that it will fail on a wordpress upgrade and bring your site down and you will be forced to be stuck in out dated versions.