Though, it is not always the case that they secure a single domain.
The Single Site SSL Certificates of some vendors, such as Sectigo® and Trustico®, secure the common name specified on an SSL Certificate and its www. subdomain as a SAN.
Likewise, the root domain will be the SAN if the common name contains www.
For instance, if the common name on your Single Site SSL Certificate is example.com, then www.example.com will be included as a SAN on the Certificate.
However, if the common name on your Single Site SSL Certificate is www.example.com, then the root domain example.com will be included as a SAN on the Certificate.
This is the case for Single Site SSL Certificates of all three validation levels (DV, OV an EV).
A Single Site OV and EV SSL Certificate will secure the www. subdomain the same as a DV will.