update: ISSUE FIXED

it was an XSS vulnerability because of that particuler theme. I enever thought about that because i thought myBB is quite secured, IT IS. But just the problem in theme designed which allowed html entities.

Just as an FYI,
Thanks for the support anyway.