Thank you to Febin for finding a CSRF allowing malicious attackers the opportunity to post messages from a victims account. This was resolved using tokens.
Thank you to Vict0ni who found that an older restored login page held a redirection bug that was resolved, but reappeared. It was fixed upon his notification of the bug.
Thank you for finding a bug in third party sharing where it was possible to duplicate the U field, enabling our content to show but a bad actors website to be linked through to. Provided a detailed report and screen captures which aided us hugely in resolving the issue.