When you try to change your Email it completely ignores your phone 2FA. That could lead into unexpected person changing your Email or password if they have your log-in of the webpage (e.g you forgot to logout).

Expected:

When you change your Email and phone 2FA is enabled, it should ask for your phone 2FA or recovery code so the procedure can be done

When you change your password, it should ask for phone 2FA, email verification or recovery code so the procedure can be done.