Suppose you mistype your password and get a page saying "wrong password, log in anyway?" You click yes and are logged in to your account. Would you consider that account to be password-protected?
To me, a second factor that can bypass the first factor is exactly the same as this situation. Being able to hack your way into an account is a different issue.
A password is a factor of authentication, so by definition is 1FA. Any service which allows access to the account through social engineering could be labeled as having less than 1FA.
If an attacker could access your account without knowing any of your secrets, then it's really 0FA.
To me, a second factor that can bypass the first factor is exactly the same as this situation. Being able to hack your way into an account is a different issue.