Backdoor attacks and defense mechanisms in federated learning: A survey

Title: Backdoor attacks and defense mechanisms in federated learning: A survey
Publication Type: Journal Article
Year of Publication: 2025
Authors: Li Z, Lan J, Yan Z, Gelenbe E
Journal: Information Fusion
Volume: 123
Issue: 103248
Date Published: 05/2025
Keywords: AI trust, Backdoor attacks, Defense mechanisms, Federated Learning
Abstract

Federated Learning (FL) is a distributed machine learning framework that enables the collaborative training of machine learning models by multiple entities. However, FL is vulnerable to various potential risks, especially backdoor attacks. A backdoor attack aims to implant hidden backdoors into a global model by compromising one or more clients and making them provide poisoned model updates. Consequently, the global model misclassifies inputs with triggers as adversary-desired classes/labels while performing well on benign inputs. Despite its severity, existing literature lacks a comprehensive review on backdoor attacks and their defense mechanisms of FL, especially for vertical FL. This paper comprehensively reviews and evaluates recent advances in backdoor attacks and defense mechanisms on FL. We first introduce foundational concepts about FL, backdoor attacks, and defense mechanisms, along with their respective security models. Then, we propose two sets of evaluation criteria that a sound backdoor attack and a defense mechanism should meet, respectively. After that, we provide taxonomies of existing backdoor attacks and defense mechanisms of FL and review them by employing the proposed criteria to evaluate their pros and cons. We also explore a positive application of backdoors in FL, i.e., backdoor-based watermarking. Finally, we discuss a number of open issues and suggest promising future research directions.

URL: https://www.sciencedirect.com/science/article/pii/S1566253525003215
DOI: 10.1016/j.inffus.2025.103248

Change history

Last updated: 07/05/2025 - 17:55; changed by: Erol Gelenbe (seg@iitis.pl)